#Mask Private Daggerverse Token

1 messages · Page 1 of 1 (latest)

craggy ember
#

I've created a private Daggerverse on Github and access it with a PAT.
In my CI I can mask these tokens from being printed out in the Dagger logs.
However locally I'm not clear on how I can do this.

I setup my token with
export GITHUB_PAT=my_git_pat_token_in_plain_text

Then call my function with
dagger -m https://$GITHUB_PAT@github.com/myusers/daggerverse.git/build call build --source=.

In the logs I can see
14 : moduleSource(refString: "https://my_git_pat_token_in_plain_text@github.com/myusers/daggerverse.git/build"): ModuleSource!

How can I stop Dagger showing my PAT value in the logs?

toxic bone
#

@craggy ember for PAT support you need to follow this reference : https://docs.dagger.io/api/remote-modules/#authentication-methods

Using Modules from Remote Repositories | Dagger

Dagger supports the use of HTTP and SSH protocols for accessing remote repositories as Dagger modules, compatible with all major Git hosting platforms such as GitHub, GitLab, BitBucket, Azure DevOps, Codeberg, and Sourcehut. Dagger supports authentication via both HTTPS (using Git credential managers) and SSH (using a unified authentication appr...

#

using the $GITHUB_PAT in the module url in the -m flag is not secure

craggy ember
#

I've got this working now on my local machine from within WSL Ubuntu but using the following command to use the Windows credential manager in WSL
git config --global credential.helper "/mnt/c/Program\\ Files/Git/mingw64/bin/git-credential-manager.exe"

I also want to be able to do this in a Gitlab CI pipeline, accessing my Daggerverse repo on a Github instance.
I can mask the PAT in the Gitlab setup, but is there a better way to do it in this situation?

craggy ember
#

For info, we can't use SSH as it's blocked on our firewall (don't ask) so have to use HTTPS for this