Using Access Tokens

[choman]

I have struggled finding good documentation/guides on how to use access tokens in regards to the roles/requirements.yml file. So I thought I would start a discussion (as I didn't see one) on how to properly handle using access tokens when one cannot use ssh

NOTE: this displayed token is fake. and the repo is fake too. These are examples

I know this works

- name: ansible-role-shellcheck
  src: https://oauth2:Y5Y3eF4SAvDF5X1t6wYD@gitlab.com/mep-wisconsin/ansible-role-shellcheck
  scm: git
  version: main

But there has to be a better way. Idealistically, I would like to specify just

- name: ansible-role-shellcheck
  src: https://gitlab.com/mep-wisconsin/ansible-role-shellcheck
  scm: git
  version: main

But I am not sure where to set the secrets to get this to work

Alternative Idea, but also having issues to get to work

- name: ansible-role-shellcheck
  src: https://oauth2:{{ lookup('env', 'GITLAB_TOKEN') }}@gitlab.com/mep-wisconsin/ansible-role-shellcheck
  scm: git
  version: main

[choman]

OK my current solution is to add a basic cred helper to the container (yes I'm running in docker, sorry that I forgot to mention that)

Update compose.yml

• secrets (file)
• volumes mount gitconfig:/etc/gitconfig

Secrets file

• 640 modes (for the root group inside container)
• File is in root and maintained by sudoers

cred helper

[credential "https://gitlab.com"]
   username = oauth2
   helper = "!f() { test \"$1\" = get && echo \"password=$(cat /run/secrets/gitlab_token)\"; }; f"

Thoughts?