如何将凭据烘焙到git的docker映像中? [英] How to bake credential into docker image for git?

问题描述

这实际上是我之前的一个.

我正在尝试使用docker托管个人笔记网络服务，并希望备份该服务生成的数据(我的笔记). 目前，我计划使用git提交，拉入并推送到存储库中.

I am trying to use docker to host a personal note-taking web service and want to backup data generated by the service (my notes). Currently I plan to use git to commit, pull, and push to a repository for my purpose.

要执行git pull and push，我的docker映像需要托管我的凭据.实现此目的最简单但最安全的方法是什么?

To do git pull and push, my docker image needs to host my credentials. What is the easiest yet safe way to achieve this?

到目前为止我所做的:

• 我选择Alpine作为服务图像的基础图像.
• 因为我只需要git的凭据，所以我认为将git凭据帮助器放入图像中可能会解决我的问题.我可以在构建期间将凭据保存到帮助程序中，并在运行时使用它们.
• 根据

• I choose Alpine as the base image of the image of my service.
• Because I only need credentials for git, I think put a git credential helper into the image may solve my problem. I can save credentials to the helper during the build time and use them during runtime.
• I googled a while and decided to use libsecret as my git credential helper, according to this article.
• I have installed libsecret and set my git credential helper to be git-credential-libsecret

但是，到目前为止，我还无法使git-credential-libsecret功能正常.这是我遇到的几个问题:

However, I cannot make git-credential-libsecret functional so far. Here are a couple of problems that I encountered:

• 首先，我测试了git-credential-libsecret get并得到以下错误:

CRITICAL **: could not connect to Secret Service: Cannot spawn a message bus without a machine-id: Unable to load /var/lib/dbus/machine-id or /etc/machine-id: Failed to open file */var/lib/dbus/machine-id*: No such file or directory

• 我(可能是?)通过安装dbus并运行dbus-uuidgen > /var/lib/dbus/machine-id
来解决了该问题
• I (probably?) solved it by installing dbus and run dbus-uuidgen > /var/lib/dbus/machine-id

然后我再次尝试运行git-credential-libsecret get.这次，它报告:

Then I try to run git-credential-libsecret get again. This time, it reports that:

CRITICAL **: could not connect to Secret Service: Cannot autolaunch D-Bus without X11 $DISPLAY

• 我尝试安装dbus-x11并运行dbus-launch --sh-syntax(从这里)，但是这次没有运气.错误继续.
• I tried to install dbus-x11 and run dbus-launch --sh-syntax(from here) but with no luck this time. The error continues.

最后，我想知道:

1. 我是否在正确的方向上(使用git凭证帮助器)实现我的目标?
2. 如果是，该如何解决X11问题?
3. 还有其他快速且干净的方法可以通过版本控制在Docker中备份数据吗?

推荐答案

如果您的git提供程序支持带有公钥的ssh，我认为最简单的方法是切换到它们.您也不必复制密码.

If your git provider supports ssh with public keys, I think the easiest way would be to switch to them. You would also not have to copy around your password.

您需要:

• 将ssh客户端添加到您的docker映像
• 注册密钥以提供者
• add ssh client to your docker image
• generate an ssh key and copy it to the image. The ssh-agent part is not needed
• register the key to the provider

这篇关于如何将凭据烘焙到git的docker映像中?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！