Documentation ¶
Overview ¶
Package github implements the github/sts auth integration: a just-in-time, least-privilege GitHub token broker for CI. It is the Git-credentials analog of the aws/ecr integration (Execute persists secret material to a deterministic on-disk location; Environment returns a pointer to it; Cleanup removes and revokes it).
Index ¶
- Constants
- func NewGitHubSTSIntegration(config *integrations.IntegrationConfig) (integrations.Integration, error)
- type GitHubSTSIntegration
- func (g *GitHubSTSIntegration) Cleanup(ctx context.Context) error
- func (g *GitHubSTSIntegration) Environment() (map[string]string, error)
- func (g *GitHubSTSIntegration) Execute(ctx context.Context, creds types.ICredentials) error
- func (g *GitHubSTSIntegration) GetIdentity() string
- func (g *GitHubSTSIntegration) GetProvider() string
- func (g *GitHubSTSIntegration) Kind() string
Constants ¶
const (
	// GitConfigModeEnv injects per-owner insteadOf rewrites inline via GIT_CONFIG_KEY_n/VALUE_n.
	GitConfigModeEnv = "env"
	// GitConfigModeFile writes a 0600 gitconfig and emits include.path to it (tokens stay off the env).
	GitConfigModeFile = "file"
)
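The difference between the two modes, as an added example that is not this package's code: gitConfigEnv is a hypothetical helper, and the x-access-token URL form and the "gitconfig" file name are assumptions. GIT_CONFIG_COUNT, GIT_CONFIG_KEY_n/VALUE_n, url.<base>.insteadOf and include.path are standard git features.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"sort"
)

// gitConfigEnv is a hypothetical helper, not the package's API. tokens maps a
// GitHub owner to its minted token; the x-access-token URL form is an assumption.
func gitConfigEnv(mode string, tokens map[string]string, dir string) (map[string]string, error) {
	owners := make([]string, 0, len(tokens))
	for o := range tokens {
		owners = append(owners, o)
	}
	sort.Strings(owners) // deterministic numbering of KEY_n/VALUE_n
	env := map[string]string{}
	switch mode {
	case "env": // rewrites, and therefore the tokens, live in the environment
		for i, o := range owners {
			env[fmt.Sprintf("GIT_CONFIG_KEY_%d", i)] = fmt.Sprintf(
				"url.https://x-access-token:%s@github.com/%s/.insteadOf", tokens[o], o)
			env[fmt.Sprintf("GIT_CONFIG_VALUE_%d", i)] = fmt.Sprintf("https://github.com/%s/", o)
		}
		env["GIT_CONFIG_COUNT"] = fmt.Sprint(len(owners))
	case "file": // tokens go to a 0600 file; the environment only points at it
		var body string
		for _, o := range owners {
			body += fmt.Sprintf("[url \"https://x-access-token:%s@github.com/%s/\"]\n", tokens[o], o)
			body += fmt.Sprintf("\tinsteadOf = https://github.com/%s/\n", o)
		}
		path := filepath.Join(dir, "gitconfig") // file name is an assumption
		if err := os.WriteFile(path, []byte(body), 0o600); err != nil {
			return nil, err
		}
		env["GIT_CONFIG_COUNT"] = "1"
		env["GIT_CONFIG_KEY_0"] = "include.path"
		env["GIT_CONFIG_VALUE_0"] = path
	default:
		return nil, fmt.Errorf("unknown git config mode %q", mode)
	}
	return env, nil
}

func main() {
	// Constructed sample token, not a real credential.
	env, _ := gitConfigEnv("env", map[string]string{"acme": "ghs_CONSTRUCTED"}, "")
	fmt.Println(env)
}
```

In env mode the token is readable by anything that can see the process environment, including child processes; in file mode the environment carries only a path and the token is protected by the file's 0600 permissions.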
Functions ¶
func NewGitHubSTSIntegration ¶
func NewGitHubSTSIntegration(config *integrations.IntegrationConfig) (integrations.Integration, error)
NewGitHubSTSIntegration creates a github/sts integration from config.
Types ¶
type GitHubSTSIntegration ¶
type GitHubSTSIntegration struct {
// contains filtered or unexported fields
}
GitHubSTSIntegration implements the github/sts integration type.
func (*GitHubSTSIntegration) Cleanup ¶
func (g *GitHubSTSIntegration) Cleanup(ctx context.Context) error
Cleanup revokes each minted token directly against GitHub and removes state files.
func (*GitHubSTSIntegration) Environment ¶
func (g *GitHubSTSIntegration) Environment() (map[string]string, error)
Environment returns the GIT_CONFIG_* variables that route git over the minted tokens.
func (*GitHubSTSIntegration) Execute ¶
func (g *GitHubSTSIntegration) Execute(ctx context.Context, creds types.ICredentials) error
Execute mints GitHub STS tokens and persists them for consumption and revocation.
func (*GitHubSTSIntegration) GetIdentity ¶
func (g *GitHubSTSIntegration) GetIdentity() string
Environment helper: GetIdentity returns the identity name (empty for provider-bound).
func (*GitHubSTSIntegration) GetProvider ¶
func (g *GitHubSTSIntegration) GetProvider() string
GetProvider returns the provider name (empty for identity-bound).
func (*GitHubSTSIntegration) Kind ¶
func (g *GitHubSTSIntegration) Kind() string
Kind returns "github/sts".