.\" Man page generated from reStructuredText.
.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "KAS-CREDENTIALS" "1" "Apr 10, 2024" "4.3.2" "kas"
.SH NAME
kas-credentials \- kas credential handling
.sp
kas provides various mechanisms to inject credentials into the build.
By using \fI\%Environment Variables\fP, a fine grained control is possible. All
credentials are made available both to KAS, as well as inside the build
environment. However, not all mechanisms are natively supported by all tools.
As kas might need to modify credentials and config files, these are copied
into the isolated environment first. One exception is the SSH folder, where
changes are only performed if not yet present on the host.
.sp
For details about credential related environment variables,
see \fBkas(1)\fP\&.
.SH AWS CONFIGURATION
.sp
For AWS, both conventional AWS config files as well as the environment
variable controlled OAuth 2.0 workflow are supported. Note, that KAS
internally rewrites the \fBAWS_*\fP environment variables into a AWS
config file to also support older versions of bitbake.
.SH GIT CONFIGURATION
.sp
A \fB\&.gitconfig\fP file can be used to provide credentials as well as
url rewrites of git repositories (\fBinsteadof\fP). To support the patching
of git repositories, kas injects a \fB[user]\fP section, possibly overwriting
an existing one. When running in the Github CI, the \fB\&.gitconfig\fP file is
automatically injected. In addition, credential helpers can be used by
setting the corresponding environment variables. These are added to the
\fB\&.gitconfig\fP file as well.
.SH NETRC FILE
.sp
A \fB\&.netrc\fP file can be used to provide credentials for git or the
HTTP(S) / FTP fetcher. When running in the Gitlab CI, the \fBCI_JOB_TOKEN\fP
is appended to automatically grant access to repositories that can be
accessed by the user that triggered the CI pipeline.
.SH SSH
.sp
The ssh folder of the calling user is automatically shared with kas. This
is currently not controllable, as ssh does not obey the \fB$HOME\fP variable.
This can be used to inject both credentials, as well as ssh configuration
items into the kas environment.
.sp
\fBNOTE:\fP
.INDENT 0.0
.INDENT 3.5
Modifications to the \fB\&.ssh/config\fP file are only performed if the file
is not present yet.
.UNINDENT
.UNINDENT
.sp
In addition, an external ssh\-agent can be made available in the kas
environment by setting the \fBSSH_AUTH_SOCK\fP environment variable.
As an alternative, ssh private keys can be added to an internal ssh agent
by setting \fBSSH_PRIVATE_KEY\fP or \fBSSH_PRIVATE_KEY_FILE\fP\&.
.sp
\fBNOTE:\fP
.INDENT 0.0
.INDENT 3.5
The use of an external ssh agent cannot be combined with options that
require an internal ssh agent.
.UNINDENT
.UNINDENT
.SH KAS
.sp
Part of the \fBkas(1)\fP suite.
.SH AUTHOR
Daniel Wagner, Jan Kiszka, Claudius Heine
.SH COPYRIGHT
Siemens AG, 2017-2024
.\" Generated by docutils manpage writer.
.