<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>SSH Keys and Service Logins — Vespene documentation</title>
<link rel="stylesheet" href="_static/css/theme.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="Importing Organizations" href="importing.html" />
<link rel="prev" title="Variables" href="variables.html" />
<script src="_static/js/modernizr.min.js"></script>
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search">
<a href="contents.html" class="icon icon-home"> Vespene
</a>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="search.html" method="get">
<input type="text" name="q" placeholder="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<p class="caption"><span class="caption-text">Getting Started</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="index.html">About Vespene</a></li>
<li class="toctree-l1"><a class="reference internal" href="setup.html">Setup Guide</a></li>
<li class="toctree-l1"><a class="reference internal" href="tutorial.html">Tutorial</a></li>
</ul>
<p class="caption"><span class="caption-text">Fundamentals</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="workers.html">Workers</a></li>
<li class="toctree-l1"><a class="reference internal" href="projects.html">Projects</a></li>
<li class="toctree-l1"><a class="reference internal" href="variables.html">Variables</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">Access</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#ssh-keys">SSH Keys</a></li>
<li class="toctree-l2"><a class="reference internal" href="#service-logins">Service Logins</a></li>
</ul>
</li>
</ul>
<p class="caption"><span class="caption-text">Workflow</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="importing.html">Imports (.vespene)</a></li>
<li class="toctree-l1"><a class="reference internal" href="launch_questions.html">Launch Questions</a></li>
<li class="toctree-l1"><a class="reference internal" href="pipelines.html">Pipelines</a></li>
<li class="toctree-l1"><a class="reference internal" href="scheduling.html">Scheduling</a></li>
<li class="toctree-l1"><a class="reference internal" href="webhooks.html">Webhooks</a></li>
</ul>
<p class="caption"><span class="caption-text">Admin</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="authz.html">Authorization</a></li>
<li class="toctree-l1"><a class="reference internal" href="cli.html">CLI</a></li>
<li class="toctree-l1"><a class="reference internal" href="plugins.html">Plugins</a></li>
<li class="toctree-l1"><a class="reference internal" href="security.html">Security</a></li>
<li class="toctree-l1"><a class="reference internal" href="settings.html">Settings</a></li>
<li class="toctree-l1"><a class="reference internal" href="upgrades.html">Upgrades</a></li>
</ul>
<p class="caption"><span class="caption-text">Community</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="resources.html">Resources</a></li>
<li class="toctree-l1"><a class="reference internal" href="development_setup.html">Development Setup</a></li>
<li class="toctree-l1"><a class="reference internal" href="development_guide.html">Development Guide</a></li>
<li class="toctree-l1"><a class="reference internal" href="faq.html">FAQ / Troubleshooting</a></li>
<li class="toctree-l1"><a class="reference internal" href="partnership.html">Partnership Program</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="contents.html">Vespene</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="contents.html">Docs</a> »</li>
<li>SSH Keys and Service Logins</li>
<li class="wy-breadcrumbs-aside">
<a href="_sources/access.rst.txt" rel="nofollow"> View page source</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<img alt="Vespene Logo" class="align-right" src="_images/vespene_logo.png" />
<div class="section" id="ssh-keys-and-service-logins">
<span id="access"></span><h1>SSH Keys and Service Logins<a class="headerlink" href="#ssh-keys-and-service-logins" title="Permalink to this headline">¶</a></h1>
<p>Vespene can store SSH private keys as well as service logins (such as GitHub usernames and passwords) for use during builds and the checkouts that occur
as part of builds. This means Vespene users don’t have to provide these credentials (or have direct access to them); the system uses them on their behalf.</p>
<div class="section" id="ssh-keys">
<span id="ssh"></span><h2>SSH Keys<a class="headerlink" href="#ssh-keys" title="Permalink to this headline">¶</a></h2>
<p>Vespene can manage SSH keys in two ways.</p>
<p>In the simplest case, when checking out repositories, such as git repos, Vespene can use SSH keys on your behalf during the checkout.
Using dedicated SSH keys is often preferable to using usernames or passwords for these services.</p>
<p>Further, when running projects, Vespene workers can use SSH keys to allow access to external systems. This is perhaps more interesting. For instance,
a Vespene worker could use an SSH key to manage an external server or set of servers.</p>
<p>Multiple SSH keys can be assigned to any project. They are entered in the “SSH Keys” view of Vespene, and then selected in the Project UI.
Each key requires a private key upload, as well as an unlock password if the key is protected.</p>
<p>The contents of the keys do not have to be shared with users who can access the Vespene UI, but those users can still use the keys when launching the project.</p>
<p>Uploaded SSH keys <em>ARE</em> private keys, which are stored in the database using Vespene encryption plugins.</p>
<p>Build isolation, as described in <a class="reference internal" href="workers.html#workers"><span class="std std-ref">Workers</span></a>, is used to prevent build scripts from accessing the database. As described in more detail in the
<a class="reference internal" href="security.html#security"><span class="std std-ref">Security Guide</span></a>, SSH keys given to Vespene should be deploy keys used exclusively by the Vespene system, and frequently rotated. Key management
may be modified in a future release. Keys given to Vespene should be unique to their use <em>by</em> Vespene, so that they are easy to rotate.</p>
<p>To use SSH keys, workers must be started wrapped with the ‘ssh-agent’ process, as described in <a class="reference internal" href="workers.html#workers"><span class="std std-ref">Workers</span></a>. This is done automatically
if you generate Vespene’s supervisor config according to the <a class="reference internal" href="setup.html#setup"><span class="std std-ref">Setup</span></a> instructions.</p>
<p>Also note that there is no differentiation between SSH keys provided for access to an SCM and those provided for access to a machine: both are available for both purposes. If this is concerning,
provide dedicated keys for specific purposes.</p>
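<p>The following is an added example, not code from Vespene: it creates one dedicated key per purpose and loads both into an ssh-agent that wraps a single child process, which shows that every key in the agent is offered to that process whatever the key was meant for. The function names, the <code>vespene_scm</code> and <code>vespene_host</code> file names and the empty passphrase are assumptions made for the demonstration.</p>

```shell
#!/bin/sh
# Added example (not Vespene code). File names and key comments are constructed.

# make_deploy_key DIR PURPOSE
# Creates DIR/vespene_PURPOSE, an ed25519 key pair whose comment records the
# purpose and creation date so each key can be identified and rotated alone.
# The passphrase is empty only so this demo runs without a prompt.
make_deploy_key() {
    ssh-keygen -q -t ed25519 -N "" \
        -C "vespene-$2-$(date +%Y%m%d)" -f "$1/vespene_$2" || return 1
    printf '%s\n' "$1/vespene_$2"
}

# key_fingerprint KEYFILE
# Prints the SHA256 fingerprint of the public half of KEYFILE.
key_fingerprint() {
    ssh-keygen -l -E sha256 -f "$1.pub" | awk '{print $2}'
}

# agent_fingerprints KEYFILE...
# Runs one child shell wrapped by its own ssh-agent, loads every key into that
# agent and prints the fingerprints it holds. The agent exits with the child,
# so nothing stays loaded after the wrapped process ends.
agent_fingerprints() {
    ssh-agent sh -c '
        for k in "$@"; do ssh-add "$k" 2>/dev/null || exit 1; done
        ssh-add -l -E sha256 | awk "{print \$2}"
    ' sh "$@"
}

# demo: an SCM key and a host key end up side by side in the same agent.
demo() {
    d=$(mktemp -d) || return 1
    scm=$(make_deploy_key "$d" scm) && host=$(make_deploy_key "$d" host) || return 1
    echo "scm key:  $(key_fingerprint "$scm")"
    echo "host key: $(key_fingerprint "$host")"
    echo "held by the wrapped agent:"; agent_fingerprints "$scm" "$host"
    rm -rf "$d"
}
```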
</div>
<div class="section" id="service-logins">
<span id="id1"></span><h2>Service Logins<a class="headerlink" href="#service-logins" title="Permalink to this headline">¶</a></h2>
<p>Service Logins are sets of usernames and passwords that can be used to access source control repositories.</p>
<p>The system does not reveal the passwords themselves, but the logins are made available for use by multiple users.</p>
<p>For source control systems that also work with SSH keys, like git, these can also be ignored in favor of <a class="reference internal" href="#ssh"><span class="std std-ref">SSH Keys</span></a>.</p>
<p>At this time, Service Logins are <em>only</em> used during git checkouts, and Subversion requires a publicly accessible repo. Updates to these
behaviors are welcome contributions.</p>
<p>These passwords are not yet tagged with a particular service; for instance, they can’t be used for cloud API logins or anything similar. This could
also be implemented in the future.</p>
</div>
</div>
</div>
</div>
<footer>
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
<a href="importing.html" class="btn btn-neutral float-right" title="Importing Organizations" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right"></span></a>
<a href="variables.html" class="btn btn-neutral" title="Variables" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left"></span> Previous</a>
</div>
<hr/>
<div role="contentinfo">
<p>
© Copyright 2018, Michael DeHaan LLC.
</p>
</div>
Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/rtfd/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT:'./',
VERSION:'',
LANGUAGE:'None',
COLLAPSE_INDEX:false,
FILE_SUFFIX:'.html',
HAS_SOURCE: true,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<script type="text/javascript" src="_static/js/theme.js"></script>
<script type="text/javascript">
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
<style>
.wy-side-nav-search, .wy-nav-top {
background: #444444;
}
.wy-nav-side {
background: #444444;
}
</style>
</body>
</html>