如何将凭据烘焙到git的docker映像中? [英] How to bake credential into docker image for git?
问题描述
这实际上是我之前的一个.
我正在尝试使用docker托管个人笔记网络服务,并希望备份该服务生成的数据(我的笔记). 目前,我计划使用git提交,拉入并推送到存储库中.
I am trying to use docker to host a personal note-taking web service and want to backup data generated by the service (my notes). Currently I plan to use git to commit, pull, and push to a repository for my purpose.
要执行git pull and push,我的docker映像需要托管我的凭据.实现此目的最简单但最安全的方法是什么?
To do git pull and push, my docker image needs to host my credentials. What is the easiest yet safe way to achieve this?
到目前为止我所做的:
- I choose
Alpine
as the base image of the image of my service. - Because I only need credentials for git, I think put a git credential helper into the image may solve my problem. I can save credentials to the helper during the build time and use them during runtime.
- I googled a while and decided to use
libsecret
as my git credential helper, according to this article. - I have installed
libsecret
and set my git credential helper to begit-credential-libsecret
但是,到目前为止,我还无法使git-credential-libsecret
功能正常.这是我遇到的几个问题:
However, I cannot make git-credential-libsecret
functional so far. Here are a couple of problems that I encountered:
-
首先,我测试了
git-credential-libsecret get
并得到以下错误:
CRITICAL **: could not connect to Secret Service: Cannot spawn a message bus without a machine-id: Unable to load /var/lib/dbus/machine-id or /etc/machine-id: Failed to open file */var/lib/dbus/machine-id*: No such file or directory
- 我(可能是?)通过安装
dbus
并运行dbus-uuidgen > /var/lib/dbus/machine-id
来解决了该问题
- I (probably?) solved it by installing
dbus
and rundbus-uuidgen > /var/lib/dbus/machine-id
- 我尝试安装
dbus-x11
并运行dbus-launch --sh-syntax
(从这里),但是这次没有运气.错误继续. - I tried to install
dbus-x11
and rundbus-launch --sh-syntax
(from here) but with no luck this time. The error continues. - 我是否在正确的方向上(使用git凭证帮助器)实现我的目标?
- 如果是,该如何解决X11问题?
- 还有其他快速且干净的方法可以通过版本控制在Docker中备份数据吗?
- 将ssh客户端添加到您的docker映像
- 注册密钥以提供者
- add ssh client to your docker image
- generate an ssh key and copy it to the image. The
ssh-agent
part is not needed - register the key to the provider
然后我再次尝试运行git-credential-libsecret get
.这次,它报告:
Then I try to run git-credential-libsecret get
again. This time, it reports that:
CRITICAL **: could not connect to Secret Service: Cannot autolaunch D-Bus without X11 $DISPLAY
最后,我想知道:
推荐答案
如果您的git提供程序支持带有公钥的ssh,我认为最简单的方法是切换到它们.您也不必复制密码.
If your git provider supports ssh with public keys, I think the easiest way would be to switch to them. You would also not have to copy around your password.
您需要:
这篇关于如何将凭据烘焙到git的docker映像中?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!