search

aptly-dev / aptly

aptly - Debian repository management tool
https://www.aptly.info/
MIT License
2.58k stars 376 forks source link

Option to use authentication #1051

Open devopstt opened 2 years ago

devopstt commented 2 years ago

We also want to create mirrors where we need authentication. We can pass user:password@url.com but it would be better to provide a user and password variable separated from the URL itself. Also the user+password is visible in the created graph, because it shows the whole URL including user and password. We can not provide the graph to others without leaking the credentials.

Context

Sae way to implement authentication. Dont leak any passwords in created graph.

Possible Implementation

Provide user and password variable.

Current aptly version: 1.4.0

flotho commented 2 years ago

did you try with recent code ?

devopstt commented 2 years ago

Do you mean the current code from master branch? Right now we are running on 1.4.0.

Can you point out the change? Because from my point of view, its still in the current code: https://github.com/aptly-dev/aptly/blob/cbf0416d7e5070f58d0b40fc1be3e771b0baacf4/deb/graph.go#L45

It uses ArchiveRoot to show the URL and this also contains the credentials.