Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
📝 Add documentation on how credentials work internally
1 parent 5e3e015, commit 3f2dc28
Showing 3 changed files with 20 additions and 5 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
--- | ||
title: How credentials work | ||
description: How credentials work | ||
--- | ||
|
||
When you are authoring a bundle, you can define what credentials your bundle requires such as a github token, cloud provider username/password, etc. Then in your action's steps you can reference the credentials using porter's template language `{{ bundle.credentials.github_token }}`. | ||
|
||
Credentials are injected when a bundle is executed (install/upgrade/uninstall/invoke). First a user creates a credentials set using `porter credentials generate`. This is a mapping that tells porter "given a name of a credential such as `github_token`, where can the value be found?", possible locations of a credential are: result of a command, environment value, file path, or hard coded value. The generate command walks you through all the credentials used by a bundle and where the values can be found. | ||
|
||
Now when you execute the bundle you can pass the credential set to the command use `--cred` or `-c` flag, e.g. `porter install --cred github`. Before the bundle is executed, porter users the credential set's mappings to retrieve the credential values and then inject them into the bundle's execution environment, e.g. the docker container, as environment variables. | ||
|
||
Inside the bundle's execution environment Porter looks for those environment variables that represent the credentials and replaces the template placeholders like `{{ bundle.credentials.github_token }}` with the actual credential value before executing the step. | ||
|
||
Once the bundle finishes executing, the credentials are NOT recorded in the bundle instance (claim). Parameters are recorded there so that you can view them later using `porter instances show NAME --output json`. |
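Review bot: The last paragraph says parameters are recorded in the bundle instance (claim) and can be read back with `porter instances show NAME --output json`, but it stops short of the conclusion a bundle author needs: any sensitive value has to be declared as a credential rather than a parameter, otherwise it is persisted and shown in that output. Suggest adding one sentence that says so. The second paragraph lists "hard coded value" as a possible credential location without saying where that value is then stored; please state whether the credential set itself holds the secret in that case. Wording fixes in the third paragraph: "pass the credential set to the command use `--cred` or `-c` flag" should read "using the `--cred` or `-c` flag", and "porter users the credential set's mappings" should be "porter uses". Capitalization is inconsistent: the fourth paragraph writes "Porter" while the others write "porter", and "github token" in the first paragraph should be "GitHub token".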