Docs

credentials

Usage

ocm get credentials {<consumer property>=<value>}

Options

  -h, --help             help for credentials
  -m, --matcher string   matcher type override
  -s, --sloppy           sloppy matching of consumer type

Description

Try to resolve a given consumer specification against the configured credential settings and show the found credential attributes.

Matchers exist for the following usage contexts or consumer types:

  • Buildcredentials.ocm.software: Gardener config credential matcher

    It matches the Buildcredentials.ocm.software consumer type and additionally acts like the hostpath type.

    Credential consumers of the consumer type Buildcredentials.ocm.software evaluate the following credential properties:

    • key: secret key use to access the credential server

  • Github: GitHub credential matcher

    This matcher is a hostpath matcher.

    Credential consumers of the consumer type Github evaluate the following credential properties:

    • token: GitHub personal access token

  • HashiCorpVault: HashiCorp Vault credential matcher

    This matcher matches credentials for a HashiCorp vault instance. It uses the following identity attributes:

    • hostname: vault server host
    • scheme: (optional) URL scheme
    • port: (optional) server port
    • namespace: vault namespace
    • secretEngine: secret engine
    • pathprefix: path prefix for secret

    Credential consumers of the consumer type HashiCorpVault evaluate the following credential properties:

    • authmeth: auth method
    • token: vault token
    • roleid: applrole role id
    • secretid: applrole secret id
    • secretid: applrole secret id

    The only supported auth methods, so far, are token and approle.

  • HelmChartRepository: Helm chart repository

    It matches the HelmChartRepository consumer type and additionally acts like the hostpath type.

    Credential consumers of the consumer type HelmChartRepository evaluate the following credential properties:

    • username: the basic auth user name
    • password: the basic auth password
    • certificate: TLS client certificate
    • privateKey: TLS private key
    • certificateAuthority: TLS certificate authority

  • OCIRegistry: OCI registry credential matcher

    It matches the OCIRegistry consumer type and additionally acts like the hostpath type.

    Credential consumers of the consumer type OCIRegistry evaluate the following credential properties:

    • username: the basic auth user name
    • password: the basic auth password
    • identityToken: the bearer token used for non-basic auth authorization
    • certificateAuthority: the certificate authority certificate used to verify certificates

  • Registry.npmjs.com: NPM repository

    It matches the Registry.npmjs.com consumer type and additionally acts like the hostpath type.

    Credential consumers of the consumer type Registry.npmjs.com evaluate the following credential properties:

    • username: the basic auth user name
    • password: the basic auth password
    • email: NPM registry, require an email address
    • token: the token attribute. May exist after login at any npm registry. Check your .npmrc file!

  • S3: S3 credential matcher

    This matcher is a hostpath matcher.

    Credential consumers of the consumer type S3 evaluate the following credential properties:

    • awsAccessKeyID: AWS access key id
    • awsSecretAccessKey: AWS secret for access key id
    • token: AWS access token (alternatively)

  • Signingserver.gardener.cloud: signing service credential matcher

    This matcher matches credentials for a Signing Service instance. It uses the following identity attributes:

    • hostname: signing server host
    • scheme: (optional) URL scheme
    • port: (optional) server port
    • pathprefix: path prefix for the server URL

    Credential consumers of the consumer type Signingserver.gardener.cloud evaluate the following credential properties:

    • clientCert: client certificate for authentication
    • privateKey: private key for client certificate
    • caCerts: root certificate for signing server

  • wget: wget credential matcher

    It matches the wget consumer type and additionally acts like the hostpath type.

    Credential consumers of the consumer type wget evaluate the following credential properties:

    • username: the basic auth user name
    • password: the basic auth password
    • identityToken: the bearer token used for non-basic auth authorization
    • certificateAuthority: the certificate authority certificate used to verify certificates presented by the server
    • certificate: the certificate used to present to the server
    • privateKey: the private key corresponding to the certificate

The following standard identity matchers are supported:

  • exact: exact match of given pattern set

  • hostpath: Host and path based credential matcher

    This matcher works on the following properties:

    • type (required if set in pattern): the identity type
    • hostname (required if set in pattern): the hostname of a server
    • scheme (optional): the URL scheme of a server
    • port (optional): the port of a server
    • pathprefix (optional): a path prefix to match. The element with the most matching path components is selected (separator is /).

  • partial (default): complete match of given pattern ignoring additional attributes

The used matcher is derived from the consumer attribute type. For all other consumer types a matcher matching all attributes will be used. The usage of a dedicated matcher can be enforced by the option –matcher.

See Also

  • ocm get — Get information about artifacts and components
Prev
credential-handling
Next
hash