如何将凭证烘焙到 git 的 docker 映像中? [英] How to bake credential into docker image for git?
问题描述
这实际上是我之前的一个问题一个.
This is actually a question following from my previous one.
我正在尝试使用 docker 来托管个人笔记网络服务,并希望备份该服务生成的数据(我的笔记).目前我计划使用 git 来提交、拉取和推送到我的目的.
I am trying to use docker to host a personal note-taking web service and want to backup data generated by the service (my notes). Currently I plan to use git to commit, pull, and push to a repository for my purpose.
要执行 git pull 和 push,我的 docker 映像需要托管我的凭据.实现这一目标的最简单但安全的方法是什么?
To do git pull and push, my docker image needs to host my credentials. What is the easiest yet safe way to achieve this?
到目前为止我所做的:
- 我选择
Alpine
作为我的服务图像的基础图像. - 因为我只需要 git 的凭据,所以我认为将 git 凭据助手放入图像可能会解决我的问题.我可以在构建期间将凭据保存到帮助程序并在运行时使用它们.
- 根据 这篇文章.
- 我已经安装了
libsecret
并将我的 git credential helper 设置为git-credential-libsecret
- I choose
Alpine
as the base image of the image of my service. - Because I only need credentials for git, I think put a git credential helper into the image may solve my problem. I can save credentials to the helper during the build time and use them during runtime.
- I googled a while and decided to use
libsecret
as my git credential helper, according to this article. - I have installed
libsecret
and set my git credential helper to begit-credential-libsecret
但是,到目前为止,我无法使 git-credential-libsecret
发挥作用.以下是我遇到的几个问题:
However, I cannot make git-credential-libsecret
functional so far. Here are a couple of problems that I encountered:
首先,我测试了
git-credential-libsecret get
并得到以下错误:
CRITICAL **:无法连接到 Secret Service:无法在没有机器 ID 的情况下生成消息总线:无法加载/var/lib/dbus/machine-id 或/etc/machine-id:失败打开文件 */var/lib/dbus/machine-id*: No such file or directory
- 我(可能?)通过安装
dbus
并运行dbus-uuidgen > 解决了这个问题./var/lib/dbus/machine-id
- 我尝试安装
dbus-x11
并运行dbus-launch --sh-syntax
(从这里)但这次没有运气.错误继续. - I tried to install
dbus-x11
and rundbus-launch --sh-syntax
(from here) but with no luck this time. The error continues. - 我是否朝着正确的方向(使用 git 凭证助手)来实现我的目标?
- 如果是,我该如何解决 X11 问题?
- 是否有其他快速、干净的方法可以通过版本控制在 docker 中备份数据?
- add ssh client to your docker image
- generate an ssh key and copy it to the image. The
ssh-agent
part is not needed - register the key to the provider
然后我尝试再次运行 git-credential-libsecret get
.这一次,它报告说:
Then I try to run git-credential-libsecret get
again. This time, it reports that:
关键**:无法连接到特勤局:没有 X11 $DISPLAY 无法自动启动 D-Bus
最后,我想知道:
推荐答案
如果您的 git 提供程序支持使用公钥的 ssh,我认为最简单的方法是切换到它们.您也不必复制您的密码.
If your git provider supports ssh with public keys, I think the easiest way would be to switch to them. You would also not have to copy around your password.
您需要:
这篇关于如何将凭证烘焙到 git 的 docker 映像中?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!