Blame


1 5fb267cb 2024-09-08 op .\"
2 5fb267cb 2024-09-08 op .\" Copyright (c) 2024 Omar Polo <op@openbsd.org>
3 5fb267cb 2024-09-08 op .\"
4 5fb267cb 2024-09-08 op .\" Permission to use, copy, modify, and distribute this software for any
5 5fb267cb 2024-09-08 op .\" purpose with or without fee is hereby granted, provided that the above
6 5fb267cb 2024-09-08 op .\" copyright notice and this permission notice appear in all copies.
7 5fb267cb 2024-09-08 op .\"
8 5fb267cb 2024-09-08 op .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 5fb267cb 2024-09-08 op .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 5fb267cb 2024-09-08 op .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 5fb267cb 2024-09-08 op .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 5fb267cb 2024-09-08 op .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 5fb267cb 2024-09-08 op .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 5fb267cb 2024-09-08 op .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 5fb267cb 2024-09-08 op .\"
16 5fb267cb 2024-09-08 op .Dd $Mdocdate$
17 5fb267cb 2024-09-08 op .Dt GOTD-SECRETS.CONF 5
18 5fb267cb 2024-09-08 op .Os
19 5fb267cb 2024-09-08 op .Sh NAME
20 5fb267cb 2024-09-08 op .Nm gotd-secrets.conf
21 5fb267cb 2024-09-08 op .Nd gotd secrets file
22 5fb267cb 2024-09-08 op .Sh DESCRIPTION
23 5fb267cb 2024-09-08 op .Nm
24 cebd4bee 2024-09-09 stsp contains authentication credentials for use with
25 5fb267cb 2024-09-08 op .Xr gotd 8
26 5fb267cb 2024-09-08 op notifications.
27 b4358cd0 2024-09-08 stsp This file must be owned by the root user and must not be readable
28 b4358cd0 2024-09-08 stsp by any other users.
29 5fb267cb 2024-09-08 op .Pp
30 5fb267cb 2024-09-08 op The file format is line-based, with one entry per line.
31 cebd4bee 2024-09-09 stsp Comments can appear at the start of a line using a hash mark
32 5fb267cb 2024-09-08 op .Pq Sq # ,
33 cebd4bee 2024-09-09 stsp and extend to the end of the line.
34 cebd4bee 2024-09-09 stsp Empty lines are ignored.
35 5fb267cb 2024-09-08 op .Pp
36 cebd4bee 2024-09-09 stsp Each entry consists of whitespace-separated tokens and defines a set
37 cebd4bee 2024-09-09 stsp of credentials.
38 cebd4bee 2024-09-09 stsp Any credential parameters containing whitespace should be surrounded
39 cebd4bee 2024-09-09 stsp by single or double quotes.
40 5fb267cb 2024-09-08 op .Pp
41 cebd4bee 2024-09-09 stsp Each set of credentials must be given a
42 cebd4bee 2024-09-09 stsp .Ar label
43 cebd4bee 2024-09-09 stsp which can be used to refer to credentials in
44 cebd4bee 2024-09-09 stsp .Xr gotd.conf 5 .
45 cebd4bee 2024-09-09 stsp This
46 cebd4bee 2024-09-09 stsp .Ar label
47 cebd4bee 2024-09-09 stsp must be unique among all credentials of the same type.
48 cebd4bee 2024-09-09 stsp .Pp
49 cebd4bee 2024-09-09 stsp The supported credential types and their parameters are:
50 5fb267cb 2024-09-08 op .Bl -tag -width Ds
51 6e1b28b6 2024-09-09 op .It Ic auth Ar label Ic user Ar user Ic password Ar password
52 cebd4bee 2024-09-09 stsp The
53 cebd4bee 2024-09-09 stsp .Ic auth
54 cebd4bee 2024-09-09 stsp type represents HTTP Basic Authentication credentials consisting of a
55 cebd4bee 2024-09-09 stsp .Ar user
56 cebd4bee 2024-09-09 stsp and a
57 cebd4bee 2024-09-09 stsp .Ar password .
58 6e1b28b6 2024-09-09 op .It Ic hmac Ar label Ar secret
59 cebd4bee 2024-09-09 stsp The
60 cebd4bee 2024-09-09 stsp .Ic hmac
61 cebd4bee 2024-09-09 stsp type represents shared secrets for use with HMAC signatures of HTTP
62 cebd4bee 2024-09-09 stsp request bodies.
63 6e1b28b6 2024-09-09 op A suitable
64 6e1b28b6 2024-09-09 op .Ar secret
65 6e1b28b6 2024-09-09 op can be generated with
66 5fb267cb 2024-09-08 op .Xr openssl 1
67 5fb267cb 2024-09-08 op as follows:
68 5fb267cb 2024-09-08 op .Pp
69 5fb267cb 2024-09-08 op .Dl $ openssl rand -base64 32
70 5fb267cb 2024-09-08 op .El
71 5fb267cb 2024-09-08 op .Pp
72 5fb267cb 2024-09-08 op .Sh FILES
73 5fb267cb 2024-09-08 op .Bl -tag -width Ds -compact
74 5fb267cb 2024-09-08 op .It Pa /etc/gotd-secrets.conf
75 5fb267cb 2024-09-08 op Location of the
76 5fb267cb 2024-09-08 op .Nm
77 5fb267cb 2024-09-08 op configuration file.
78 5fb267cb 2024-09-08 op .El
79 5fb267cb 2024-09-08 op .Sh EXAMPLES
80 cebd4bee 2024-09-09 stsp Define credentials for HTTP basic authentication and HMAC signatures:
81 5fb267cb 2024-09-08 op .Bd -literal -offset indent
82 5fb267cb 2024-09-08 op # /etc/gotd-secrets.conf
83 6e1b28b6 2024-09-09 op auth mochi user "flan" password "super-strong-password!"
84 5fb267cb 2024-09-08 op hmac hacker q0tcl8QhjYs7U75MW/2rwB30CpdbAhONkfLGxFHm/+8=
85 5fb267cb 2024-09-08 op .Ed
86 5fb267cb 2024-09-08 op .Pp
87 cebd4bee 2024-09-09 stsp These credentials can be referenced in
88 5fb267cb 2024-09-08 op .Xr gotd.conf 5
89 cebd4bee 2024-09-09 stsp as follows:
90 5fb267cb 2024-09-08 op .Bd -literal -offset indent
91 5fb267cb 2024-09-08 op # /etc/gotd.conf
92 6e1b28b6 2024-09-09 op repository "openbsd/src" {
93 6e1b28b6 2024-09-09 op path "/var/git/src.git"
94 6e1b28b6 2024-09-09 op permit rw :hackers
95 5fb267cb 2024-09-08 op
96 5fb267cb 2024-09-08 op notify {
97 cebd4bee 2024-09-09 stsp url https://example.com/ci/ auth mochi hmac hacker
98 5fb267cb 2024-09-08 op }
99 5fb267cb 2024-09-08 op }
100 5fb267cb 2024-09-08 op .El
101 5fb267cb 2024-09-08 op .Sh SEE ALSO
102 5fb267cb 2024-09-08 op .Xr got 1 ,
103 5fb267cb 2024-09-08 op .Xr gotsh 1 ,
104 5fb267cb 2024-09-08 op .Xr gotd.conf 5 ,
105 5fb267cb 2024-09-08 op .Xr gotd 8