Skip to content

Latest commit

 

History

History
152 lines (98 loc) · 4.99 KB

server-secrets.md

File metadata and controls

152 lines (98 loc) · 4.99 KB
Raw

Server Secrets

It is possible to provide a token or credentials for a number of external services. These may be used to lift a rate limit or provide access to private resources from a self-hosted instance.

There are two ways of setting secrets:

  1. Via environment variables. This is a good way to set them in a PaaS environment.
GH_TOKEN=...
  1. Via checked-in config/local.yml:
private:
  gh_token: '...'

For more complex scenarios, configuration files can cascade. See the node-config documentation for details.

Azure DevOps

  • AZURE_DEVOPS_TOKEN (yml: azure_devops_token)

An Azure DevOps Token (PAT) is required for accessing private Azure DevOps projects.

Create a PAT using an account that has access to your target Azure DevOps projects. Your PAT only needs the following scopes:

  • Build (read)
  • Release (read)
  • Test Management (read)

Bintray

  • BINTRAY_USER (yml: bintray_user)
  • BINTRAY_API_KEY (yml: bintray_apikey)

The bintray API requires authentication Create an account and obtain a token from the user profile page.

Drone

  • DRONE_TOKEN (yml: drone_token)

The self-hosted Drone API requires authentication Login to your Drone instance and obtain a token from the user profile page.

GitHub

  • GH_TOKEN (yml: gh_token)

Because of Github rate limits, you will need to provide a token, or else badges will stop working once you hit 60 requests per hour, the unauthenticated rate limit.

You can create a personal access token through the Github website. When you create the token, you can choose to give read access to your repositories. If you do that, your self-hosted Shields installation will have access to your private repositories.

When a gh_token is specified, it is used in place of the Shields token rotation logic.

  • GH_CLIENT_ID (yml: gh_client_id)
  • GH_CLIENT_SECRET (yml: gh_client_secret)

These settings are used by shields.io for GitHub OAuth app authorization but will not be necessary for most self-hosted installations. See production-hosting.md.

Jenkins CI

  • JENKINS_USER (yml: jenkins_user)
  • JENKINS_PASS (yml: jenkins_pass)

Provide a username and password to give your self-hosted Shields installation access to a private Jenkins CI instance.

JIRA

  • JIRA_USER (yml: jira_user)
  • JIRA_PASS (yml: jira_pass)

Provide a username and password to give your self-hosted Shields installation access to a private JIRA instance.

Nexus

  • NEXUS_USER (yml: nexus_user)
  • NEXUS_PASS (yml: nexus_pass)

Provide a username and password to give your self-hosted Shields installation access to your private nexus repositories.

NPM

  • NPM_TOKEN (yml: npm_token)

Generate an npm token to give your self-hosted Shields installation access to private npm packages

Sentry

  • SENTRY_DSN (yml: sentry_dsn)

A Sentry DSN may be used to send error reports from your installation to Sentry.io. For more info, see the self hosting docs.

SymfonyInsight (formerly Sensiolabs)

  • SL_INSIGHT_USER_UUID (yml: sl_insight_userUuid)
  • SL_INSIGHT_API_TOKEN (yml: sl_insight_apiToken)

The SymfonyInsight API requires authentication. To obtain a token, Create an account, sign in and obtain a uuid and token from your account page.

SonarQube

  • SONARQUBE_TOKEN (yml: sonarqube_token)

Generate a token to give your self-hosted Shields installation access to a private SonarQube instance or private project on a public instance.

Wheelmap

  • WHEELMAP_TOKEN (yml: wheelmap_token)

The wheelmap API requires authentication. To obtain a token, Create an account, sign in and use the Authentication Token displayed on your profile page.