Two methods of authentication are supported:
If ENVBUILDER_GIT_URL starts with http:// or https://, envbuilder will
authenticate with ENVBUILDER_GIT_USERNAME and ENVBUILDER_GIT_PASSWORD, if set.
For access token-based authentication, follow the following schema (if empty, there's no need to provide the field):
| Provider | ENVBUILDER_GIT_USERNAME |
ENVBUILDER_GIT_PASSWORD |
|---|---|---|
| GitHub | [access-token] | |
| GitLab | oauth2 | [access-token] |
| BitBucket | x-token-auth | [access-token] |
| Azure DevOps | [access-token] |
If using envbuilder inside of Coder, you can use the coder_external_auth Terraform resource to automatically provide this token on workspace creation:
data "coder_external_auth" "github" {
id = "github"
}
resource "docker_container" "dev" {
env = [
ENVBUILDER_GIT_USERNAME = data.coder_external_auth.github.access_token,
]
}If ENVBUILDER_GIT_URL does not start with http:// or https://,
envbuilder will assume SSH authentication. You have the following options:
-
Public/Private key authentication: set
ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATHto the path of an SSH private key mounted inside the container. Envbuilder will use this SSH key to authenticate. Example:docker run -it --rm \ -v /tmp/envbuilder:/workspaces \ -e [email protected]:path/to/private/repo.git \ -e ENVBUILDER_INIT_SCRIPT=bash \ -e ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH=/.ssh/id_rsa \ -v /home/user/id_rsa:/.ssh/id_rsa \ ghcr.io/coder/envbuilder
-
Agent-based authentication: set
SSH_AUTH_SOCKand mount in your agent socket, for example:
docker run -it --rm \
-v /tmp/envbuilder:/workspaces \
-e [email protected]:path/to/private/repo.git \
-e ENVBUILDER_INIT_SCRIPT=bash \
-e SSH_AUTH_SOCK=/tmp/ssh-auth-sock \
-v $SSH_AUTH_SOCK:/tmp/ssh-auth-sock \
ghcr.io/coder/envbuilderNote: by default, envbuilder will accept and log all host keys. If you need strict host key checking, set
SSH_KNOWN_HOSTSand mount in aknown_hostsfile.