luzifer/git-credential-vault
1
0
Fork 0
mirror of https://github.com/Luzifer/git-credential-vault.git synced 2024-09-19 08:02:57 +00:00
Code Issues Releases Wiki Activity

Add Dockerfile example

Browse Source 
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2020-04-01 15:40:34 +02:00
parent 3458345434
commit b7ae6984a6
Signed by: luzifer
GPG Key ID: DC2729FDD34BE99E
1 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
README.md
View File

@ -33,3 +33,26 @@ username=api
password=myverysecrettoken
protocol=https
```
### Dockerfile example (go get)
In this example the `VAULT_TOKEN` is passed in through a build-arg which means you **MUST** revoke the token before pushing the image, otherwise you will be leaking an active credential!
```Dockerfile
FROM golang:alpine
ARG VAULT_ADDR
ARG VAULT_TOKEN
RUN set -ex \
&& apk --no-cache add git \
&& go get -u -v github.com/Luzifer/git-credential-vault \
&& git config --global credential.helper 'vault --vault-path-prefix secret/git-credentials'
RUN set -ex \
&& go get -v github.com/myuser/secretrepo
```
```console
# docker build --build-arg VAULT_ADDR=${VAULT_ADDR} --build-arg VAULT_TOKEN=${VAULT_TOKEN} --no-cache .
```