Closed maitrey closed 2 weeks ago
Hi @maitrey
In general, the recommendation for git credentials would be the same as for regular git clone
operations inside Conan recipes: Do not use Conan for injecting those dependencies. Git has modern auth mechanisms, like ssh-keys, GIT_ASKPASS, etc, that allows for more secure authentication and credentials manager than explicitly passing credentials in a Conan command like conan config install
that will expose those credentials in the CI pipeline logs.
Also, I'd recommend having a look to the new conan config install-pkg
feature, that stores configuration in Conan packages, using the same auth as any other Conan package (and simplifying different tasks as updates)
okay I embed the credentials into the git url and this helps me as of now. Many Thanks for your answer.
okay I embed the credentials into the git url and this helps me as of now. Many Thanks for your answer.
yes, sure, that can work. If you are interested in other alternatives, the conan config install
has a --args
"extra-args" argument that will also forward those arguments to the git clone
. But the problem is intrinsically the same, it is a security issue, because the credentials can easily get exposed in CI logs, so this is something to try to avoid.
I am closing the ticket as responded, don't hesitate to re-open or create a new one for further questions, thanks for the feedback!
What is your question?
Dear Conan Folks,
Is it possible that I could pass the git credentials when doing a conan config install from a git repository? This we need especially for CI/CD Use-cases where inw e use GitHub App's to check out source code. I read the docu but seems there is no such option: https://docs.conan.io/2/reference/commands/config.html
Thanks! Br, Maitrey
Have you read the CONTRIBUTING guide?