[build2] Using ssh-git
Boris Kolpackov
boris at codesynthesis.com
Mon Nov 5 14:34:59 UTC 2018
Bo Lorentsen <bl at lue.dk> writes:
> The reason that ssh would be nice here is the fact that once the ssh rsa
> key is in place on the developer system, the credential situation is much
> easier to handle (on aws at least), as it works along with whatever other
> ssh communication and git in the dev clones.
Right, that was my thinking as well. Things like private keys/ssh-agent
should make authorization fairly transparent.
> I think that I will go for the credential in url version, as Karen
> suggested, and just hope that one day I can use ssh as an alternative.
We will try to add ssh:// support for the next release. I will ping you
when we have something for you to try.
> I also think the URL version is more robust when scaling up in a larger
> company, as we could make a key that only has specific readonly access to a
> given set of git repos ARN's. That way the revealed key and password is not
> that sensitive to have floating around in all kinds of manifest files :-)
Yes, though this is still not ideal, especially if the contents of these
repositories are proprietary/sensitive.
I did a bit of research and it seems there is a mechanism similar to
ssh-agent for caching git credentials:
https://git-scm.com/docs/git-credential-cache
And:
https://git-scm.com/docs/gitcredentials
Have you seen/tried this?
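
Added example, not part of the original message or of build2: a shell check for the risk discussed above, URLs that carry `user:secret@` in manifest files, reported with the secret masked. The sample manifest, its `location:` layout, the host name and the function names are constructed assumptions.

```shell
#!/bin/sh
# Find URLs with embedded credentials (scheme://user:secret@host/...)
# in manifest-like files and report them without repeating the secret.

# Constructed sample input; the "location:" layout is an assumption.
sample_manifest() {
    cat <<'EOF'
: 1
role: prerequisite
location: https://builder:s3cr3t-token@git.example.com/v1/repos/libfoo.git#master
:
role: prerequisite
location: https://git.example.com/v1/repos/libbar.git#master
EOF
}

# find_embedded_creds FILE...
# Prints "file:line:url" for each URL containing user:secret@, secret masked.
# A plain host:port URL is not reported because no "@" follows the port.
find_embedded_creds() {
    grep -HnoE 'https?://[^/@:[:space:]]+:[^/@[:space:]]+@[^[:space:]]+' "$@" |
        sed -E 's#(https?://[^/@:]+):[^/@]+@#\1:***@#'
}

# strip_userinfo URL
# Prints the URL without its userinfo part: the form that can be committed
# once the secret is supplied at run time by a credential helper such as
# git-credential-cache instead of by the manifest.
strip_userinfo() {
    printf '%s\n' "$1" | sed -E 's#^(https?://)[^/@]+@#\1#'
}

# Run the scan over the constructed sample.
demo() {
    tmp=$(mktemp) || return 1
    sample_manifest > "$tmp"
    find_embedded_creds "$tmp"
    rm -f "$tmp"
}
demo
```
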