mirror of
https://github.com/Luzifer/git-credential-vault.git
synced 2024-12-22 18:51:16 +00:00
Add Dockerfile example
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
3458345434
commit
b7ae6984a6
1 changed files with 23 additions and 0 deletions
23
README.md
23
README.md
|
@ -33,3 +33,26 @@ username=api
|
|||
password=myverysecrettoken
|
||||
protocol=https
|
||||
```
|
||||
|
||||
### Dockerfile example (go get)
|
||||
|
||||
In this example the `VAULT_TOKEN` is passed in through a build-arg which means you **MUST** revoke the token before pushing the image, otherwise you will be leaking an active credential!
|
||||
|
||||
```Dockerfile
|
||||
FROM golang:alpine
|
||||
|
||||
ARG VAULT_ADDR
|
||||
ARG VAULT_TOKEN
|
||||
|
||||
RUN set -ex \
|
||||
&& apk --no-cache add git \
|
||||
&& go get -u -v github.com/Luzifer/git-credential-vault \
|
||||
&& git config --global credential.helper 'vault --vault-path-prefix secret/git-credentials'
|
||||
|
||||
RUN set -ex \
|
||||
&& go get -v github.com/myuser/secretrepo
|
||||
```
|
||||
|
||||
```console
|
||||
# docker build --build-arg VAULT_ADDR=${VAULT_ADDR} --build-arg VAULT_TOKEN=${VAULT_TOKEN} --no-cache .
|
||||
```
|
||||
|
|
Loading…
Reference in a new issue