credentials
On this page
Usage
Options
Description
Try to resolve a given consumer specification against the configured credential settings and show the found credential attributes.
Matchers exist for the following usage contexts or consumer types:
Buildcredentials.ocm.software
: Gardener config credential matcherIt matches the
Buildcredentials.ocm.software
consumer type and additionally acts like thehostpath
type.Credential consumers of the consumer type Buildcredentials.ocm.software evaluate the following credential properties:
key
: secret key use to access the credential server
Github
: GitHub credential matcherThis matcher is a hostpath matcher.
Credential consumers of the consumer type Github evaluate the following credential properties:
token
: GitHub personal access token
HashiCorpVault
: HashiCorp Vault credential matcherThis matcher matches credentials for a HashiCorp vault instance. It uses the following identity attributes:
hostname
: vault server hostscheme
: (optional) URL schemeport
: (optional) server portnamespace
: vault namespacemountPath
: mount pathpathprefix
: path prefix for secret
Credential consumers of the consumer type HashiCorpVault evaluate the following credential properties:
authmeth
: auth methodtoken
: vault tokenroleid
: app-role role idsecretid
: app-role secret id
The only supported auth methods, so far, are
token
andapprole
.HelmChartRepository
: Helm chart repositoryIt matches the
HelmChartRepository
consumer type and additionally acts like thehostpath
type.Credential consumers of the consumer type HelmChartRepository evaluate the following credential properties:
username
: the basic auth user namepassword
: the basic auth passwordcertificate
: TLS client certificateprivateKey
: TLS private keycertificateAuthority
: TLS certificate authority
MavenRepository
: MVN repositoryIt matches the
MavenRepository
consumer type and additionally acts like thehostpath
type.Credential consumers of the consumer type MavenRepository evaluate the following credential properties:
username
: the basic auth user namepassword
: the basic auth password
NpmRegistry
: NPM registryIt matches the
NpmRegistry
consumer type and additionally acts like thehostpath
type.Credential consumers of the consumer type NpmRegistry evaluate the following credential properties:
username
: the basic auth user namepassword
: the basic auth passwordemail
: NPM registry, require an email addresstoken
: the token attribute. May exist after login at any npm registry. Check your .npmrc file!
OCIRegistry
: OCI registry credential matcherIt matches the
OCIRegistry
consumer type and additionally acts like thehostpath
type.Credential consumers of the consumer type OCIRegistry evaluate the following credential properties:
username
: the basic auth usernamepassword
: the basic auth passwordidentityToken
: the bearer token used for non-basic auth authorizationcertificateAuthority
: the certificate authority certificate used to verify certificates
S3
: S3 credential matcherThis matcher is a hostpath matcher.
Credential consumers of the consumer type S3 evaluate the following credential properties:
awsAccessKeyID
: AWS access key idawsSecretAccessKey
: AWS secret for access key idtoken
: AWS access token (alternatively)
Signingserver.gardener.cloud
: signing service credential matcherThis matcher matches credentials for a Signing Service instance. It uses the following identity attributes:
hostname
: signing server hostscheme
: (optional) URL schemeport
: (optional) server portpathprefix
: path prefix for the server URL
Credential consumers of the consumer type Signingserver.gardener.cloud evaluate the following credential properties:
clientCert
: client certificate for authenticationprivateKey
: private key for client certificatecaCerts
: root certificate for signing server
wget
: wget credential matcherIt matches the
wget
consumer type and additionally acts like thehostpath
type.Credential consumers of the consumer type wget evaluate the following credential properties:
username
: the basic auth user namepassword
: the basic auth passwordidentityToken
: the bearer token used for non-basic auth authorizationcertificateAuthority
: the certificate authority certificate used to verify certificates presented by the servercertificate
: the certificate used to present to the serverprivateKey
: the private key corresponding to the certificate
The following standard identity matchers are supported:
exact
: exact match of given pattern sethostpath
: Host and path based credential matcherThis matcher works on the following properties:
type
(required if set in pattern): the identity typehostname
(required if set in pattern): the hostname of a serverscheme
(optional): the URL scheme of a serverport
(optional): the port of a serverpathprefix
(optional): a path prefix to match. The element with the most matching path components is selected (separator is/
).
partial
(default): complete match of given pattern ignoring additional attributes
The used matcher is derived from the consumer attribute type
.
For all other consumer types a matcher matching all attributes will be used.
The usage of a dedicated matcher can be enforced by the option –matcher
.
See Also
- ocm get — Get information about artifacts and components