Comments (5)
Just thinking this through a little more,
Core should probably generate the key pair when it starts, if it doesn't already exist (in a volume mount), and Frontends can share this volume.
So that it is created once and doesn't change.
Then we just need to be able to copy the public key from backoffice to add it to the required repos.
from models.
There’s a few possibilities for handling this:
- One key-pair per repo. These can be generated when adding a repo and the public key shown to the user. This could work neatly if we split out the driver and UI build process to an external service. Advantages is this makes it very simple safe to roll keys if required and we’d likely only have a single instance of the service so never need to share private keys between machines.
- One key-pair per core node.
- Or, one key-pair per full deploy (shared between all core nodes and repos).
@viv-4 you’re probably more familiar than me, but am I correct in thinking that most repo hosting providers need these keys added at the repo level rather than being able to be added to an org? The only reason I can see for not using a key per repo is to reduce config overhead.
from models.
We'll avoid generation of the key on the core side @viv-4
At the model level, we'll generate a new keypair (if none is passed in during creation) and keep it encrypted server-side.
The public key will be visible to admin/support.
from models.
from models.
The build service that is replacing the internal core compilation and the cloning process will only support password-based authentication for git repos
from models.
Related Issues (20)
- Settings inconsistent on validation and read behaviour
- Use SHA256 for email digests HOT 1
- `Driver`'s `repository_uri` should change if associated `Repository`'s `uri` changes. HOT 1
- Remove `key`
- Settings merge order
- Add Asset Manager Models
- Add department field for Department Desk Booking
- Last Modified Metadata
- Rename `Authority` to `Domain` HOT 1
- Generalise Model Versions
- Add `Metadata` versions
- Convert `Metadata#details` to `JSON::Any`
- Postgres Events RnD
- Metadata needs to be indexed
- Triggers Comparison to support `null`
- Update CI schedule to fix notifications HOT 3
- Optionally allow API-Keys to expire
- [Zones] Add timezone field
- [Zones] Add images field
- add additional permissions to users for editing assets
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from models.