Skip to content

Commit

Permalink
Merge pull request #3058 from cgwalters/doc-authenticated-repos
Browse files Browse the repository at this point in the history
docs: Add authenticated-repos.md
  • Loading branch information
jmarrero authored Sep 27, 2023
2 parents 13be078 + d4adb79 commit ec7bc82
Showing 1 changed file with 28 additions and 0 deletions.
28 changes: 28 additions & 0 deletions docs/authenticated-repos.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
nav_order: 9
---

# Handling access to authenticated remote repositories
{: .no_toc }

1. TOC
{:toc}


There is no default concept of an "ostree server"; ostree expects to talk to a generic webserver, so any tool and technique applicable for generic HTTP can also apply to fetching content via OSTree's builtin HTTP client.

## Using mutual TLS

The `tls-client-cert-path` and `tls-client-key-path` expose the underlying HTTP code for [mutual TLS](https://en.wikipedia.org/wiki/Mutual_authentication).

Each device can be provisioned with a secret key which grants it access to the webserver.

## Using basic authentication

The client supports HTTP `basic` authentication, but this has well-known management drawbacks.

## Using cookies

Since [this pull request](https://github.com/ostreedev/ostree/pull/531) ostree supports adding cookies to a remote configuration. This can be used with e.g. [Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html).


0 comments on commit ec7bc82

Please sign in to comment.