-
-
Notifications
You must be signed in to change notification settings - Fork 120
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for upstream auth with ENV variables #339
Conversation
I really like this approach to solve the gem licensing problem! Something like Tailscale could also offer an alternative to basic auth or other Gemstash credentials. I wonder if there's a way for us to make this less painful for RubyGems users generally... thanks for the inspiration, and I'll keep thinking about this general issue even after we finish and merge this change. Would you feel ok about defaulting to https for upstream sources? So the URL could then be |
Hi @indirect, I am glad to read it 🙂 I've updated the PR with the default scheme, the changelog and docs, and squashed the commits. Please, let me know if you find something that should be updated. Thank you! |
3ed12f7
to
d479025
Compare
Just my 2 cents but why not just use the bundler envvar naming convention? Then I can just copy things wholesale from my local env and not have to worry about remembering to prefix it with gemstash. |
@hersha Hi, it uses the same ENV naming conventions as Bundler, so you only need to replace the We could add support for both, but it wouldn't be beneficial. Having correctly named ENV variables helps with their management. And who knows, maybe there is a case where having them set for Bundler on the same machine would not be desirable. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for supporting Gemstash with this quality of life improver.
989b7c0
to
62e63a8
Compare
Hi @olleolleolle, thank you for the review. I rebased and updated the PR. |
62e63a8
to
8c15ddc
Compare
8c15ddc
to
096e20a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's get this merged!
Thank you for being so patient and generous with your time, @CiTroNaK!
@CiTroNaK Now released as v2.5.0. Cheers! |
Description:
Allowing to set auth credentials for upstreams on the Gemstash instance with
ENV
variables (GEMSTASH_<HOST>
), that can contain basic auth or API key.This is mainly POC, and I will happily update the PR based on your feedback and add this to the docs.
Use case
The primary use case is to have only one place where the credentials for private/licensed sources are set without storing them inside the Gemfile or distributing them to all developers. That should significantly reduce the time needed to rotate or set (distribute) new credentials (for each developer in the team or CI and other services that need to access it). This also should help to prevent leaking the credentials.
Gemstash instance should be secured using (at least) basic authentication. With this setup, anyone could point their Gemfile to it and be able to fetch private/licensed gems. Developers would only set credentials to the Gemstash instance locally.
Example
Version 2.2.2 with this commit was used for testing.
Setup gemstash
Gemfile
With a gem under auth (Sidekiq Pro) without setting the credentials in the upstream.
Bundle
Next steps (if this PR will be accepted)