Add example for git clone

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2024-11-09 23:00:13 +00:00 · 2020-04-01 15:56:19 +02:00 · 2020-04-01 15:56:19 +02:00 · 272b7718fb
commit 272b7718fb
parent ff4c12902e
1 changed files with 24 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -34,6 +34,30 @@ password=myverysecrettoken
 protocol=https
 ```

+### Dockerfile example (git clone)
+
+In this example the `VAULT_TOKEN` is passed in through a build-arg which means you **MUST** revoke the token before pushing the image, otherwise you will be leaking an active credential!
+
+```Dockerfile
+FROM alpine
+
+ARG VAULT_ADDR
+ARG VAULT_TOKEN
+
+RUN set -ex \
+ && apk --no-cache add curl git \
+ && curl -sSfL "https://github.com/Luzifer/git-credential-vault/releases/download/v0.1.0/git-credential-vault_linux_amd64.tar.gz" | tar -xz -C /usr/bin \
+ && mv /usr/bin/git-credential-vault_linux_amd64 /usr/bin/git-credential-vault \
+ && git config --global credential.helper 'vault --vault-path-prefix secret/git-credentials'
+
+RUN set -ex \
+ && git clone https://github.com/myuser/secretrepo.git /src
+```
+
+```console
+# docker build --build-arg VAULT_ADDR=${VAULT_ADDR} --build-arg VAULT_TOKEN=${VAULT_TOKEN} --no-cache .
+```
+
 ### Dockerfile example (go get)

 In this example the `VAULT_TOKEN` is passed in through a build-arg which means you **MUST** revoke the token before pushing the image, otherwise you will be leaking an active credential!