Two methods of authentication are supported:
If ENVBUILDER_GIT_URL
starts with http://
or https://
, envbuilder will
authenticate with ENVBUILDER_GIT_USERNAME
and ENVBUILDER_GIT_PASSWORD
, if set.
For access token-based authentication, follow the following schema (if empty, there's no need to provide the field):
Provider | ENVBUILDER_GIT_USERNAME |
ENVBUILDER_GIT_PASSWORD |
---|---|---|
GitHub | [access-token] | |
GitLab | oauth2 | [access-token] |
BitBucket | x-token-auth | [access-token] |
Azure DevOps | [access-token] |
If using envbuilder inside of Coder, you can use the coder_external_auth
Terraform resource to automatically provide this token on workspace creation:
data "coder_external_auth" "github" {
id = "github"
}
resource "docker_container" "dev" {
env = [
ENVBUILDER_GIT_USERNAME = data.coder_external_auth.github.access_token,
]
}
If ENVBUILDER_GIT_URL
does not start with http://
or https://
,
envbuilder will assume SSH authentication. You have the following options:
-
Public/Private key authentication: set
ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH
to the path of an SSH private key mounted inside the container. Envbuilder will use this SSH key to authenticate. Example:docker run -it --rm \ -v /tmp/envbuilder:/workspaces \ -e ENVBUILDER_GIT_URL=git@example.com:path/to/private/repo.git \ -e ENVBUILDER_INIT_SCRIPT=bash \ -e ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH=/.ssh/id_rsa \ -v /home/user/id_rsa:/.ssh/id_rsa \ ghcr.io/coder/envbuilder
-
Agent-based authentication: set
SSH_AUTH_SOCK
and mount in your agent socket, for example:
docker run -it --rm \
-v /tmp/envbuilder:/workspaces \
-e ENVBUILDER_GIT_URL=git@example.com:path/to/private/repo.git \
-e ENVBUILDER_INIT_SCRIPT=bash \
-e SSH_AUTH_SOCK=/tmp/ssh-auth-sock \
-v $SSH_AUTH_SOCK:/tmp/ssh-auth-sock \
ghcr.io/coder/envbuilder
Note: by default, envbuilder will accept and log all host keys. If you need strict host key checking, set
SSH_KNOWN_HOSTS
and mount in aknown_hosts
file.