https://github.com/bayer-group/terraform-aws-autoken

:lock: GitHub Action for short lived credentials to access resources in CI/CD


Science Score: 26.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (12.0%) to scientific vocabulary

Keywords

artifactory credentials github-actions oidc sonarqube

Keywords from Contributors

interactive archival projection generic sequences observability autograding hacking shellcodes modular
Last synced: 5 months ago · JSON representation

Repository


Basic Info
Statistics
  • Stars: 2
  • Watchers: 2
  • Forks: 0
  • Open Issues: 0
  • Releases: 5
Topics
artifactory credentials github-actions oidc sonarqube
Created over 2 years ago · Last pushed about 1 year ago
Metadata Files
Readme Contributing License Codeowners Security

README.md

autoken

Short-lived tokens for development platforms
enabling effortless integration using GitHub Actions

Want to set up user-agnostic automation? Do you want to comply with credential rotation requirements? Autoken takes care of both by validating access during a GitHub Actions run and granting a temporary token only for the active run. You never need to rotate your tokens again!

Deploy Terraform

:warning: When running Autoken as an admin, make sure to familiarize yourself with the Secure Operations for Autoken information.

Use the Terraform module to deploy Autoken to your AWS account. Provide your GitHub organization and Artifactory / SonarQube information as needed.

```
module "autoken" {
  source  = "bayer-group/autoken/aws"
  version = "1.0.0" # to current version

  permittedgithubowner = "bayer-group"

  # Admin tokens are passed in as variables rather than hard-coded
  apiurlartifactory     = "https://artifactory.your-company.com"
  admintokenartifactory = var.admintokenartifactory
  apiurlsonarqube       = "https://sonarqube.your-company.com/api"
  admintokensonarqube   = var.admintokensonarqube
}
```

See the Terraform Module docs.

Usage

The GitHub Action bayer-group/terraform-aws-autoken can be used within a pipeline. Depending on the platform it brokers credentials for, it grants access based on metadata and specific configuration.

SonarQube

Your GitHub Actions pipeline could use the following steps for integrating with SonarQube:

```
- uses: bayer-group/terraform-aws-autoken@v1
  with:
    platform: 'sonarqube'
- uses: sonarsource/sonarqube-scan-action@v2
```

The bayer-group/autoken action retrieves a temporary token for SonarQube and the scan action sonarsource/sonarqube-scan-action is able to use this token directly to perform and report the scan.

Autoken only grants access via a token if the corresponding SonarQube project specifies the requesting GitHub repository as its connected repo.
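The access rule above can be sketched as an authorization decision. This is an added example, not code from the Autoken repository: it assumes the request carries a GitHub Actions OIDC token whose signature has already been verified, and the function name, policy object, audience value and project binding are hypothetical.

```javascript
// Added example (not Autoken's code). Input: claims of a GitHub Actions OIDC
// token AFTER its signature was verified against GitHub's published keys.
const GITHUB_OIDC_ISSUER = 'https://token.actions.githubusercontent.com';

// Constructed policy: the audience and the project binding are hypothetical.
const policy = {
  permittedOwner: 'bayer-group',
  audience: 'autoken.example',
  // SonarQube project key -> connected GitHub repository (constructed)
  sonarBindings: { 'shop-backend': 'bayer-group/shop-backend' },
};

// Constructed sample claims, as a workflow run in that repository would send.
const sampleClaims = {
  iss: GITHUB_OIDC_ISSUER,
  aud: 'autoken.example',
  exp: 1700000600,
  repository_owner: 'Bayer-Group',
  repository: 'Bayer-Group/shop-backend',
};

// GitHub owner and repository names are case-insensitive.
const same = (a, b) =>
  typeof a === 'string' && typeof b === 'string' &&
  a.toLowerCase() === b.toLowerCase();

function authorizeSonarRequest(claims, projectKey, pol, nowSeconds) {
  const deny = (reason) => ({ allow: false, reason });
  if (claims.iss !== GITHUB_OIDC_ISSUER) return deny('issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(pol.audience)) return deny('audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    return deny('expired');
  }
  // Organization gate: only runs from the permitted owner are considered.
  if (!same(claims.repository_owner, pol.permittedOwner)) return deny('owner');
  // Binding gate: the project must name this exact repository. An own-property
  // lookup keeps keys such as "__proto__" from resolving to anything.
  const bound = Object.prototype.hasOwnProperty.call(pol.sonarBindings, projectKey)
    ? pol.sonarBindings[projectKey]
    : undefined;
  if (!same(claims.repository, bound)) return deny('binding');
  return { allow: true, reason: 'ok' };
}
```

Checking the owner and the repository separately means a same-named repository under another owner is rejected at the owner gate, and a sibling repository in the permitted organization is rejected at the binding gate.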

Artifactory

To integrate with Artifactory, you could use a GitHub Actions pipeline with the following steps. ARTIFACTORY_REGISTRY still has to be provided by the developer, as it varies based on the repository you are looking to connect to.

```
- uses: bayer-group/terraform-aws-autoken@v1
  with:
    platform: 'artifactory'
- run: echo $ARTIFACTORY_TOKEN | docker login https://${ARTIFACTORY_REGISTRY} --username ${ARTIFACTORY_USER} --password-stdin
- run: |
    docker build . --tag ${TAG}
    docker push ${TAG}
```

For every GitHub Repository, bayer-group/terraform-aws-autoken maintains a transient bot user in Artifactory. Upon calling the action, autoken retrieves short-lived credentials for this transient user. Developers can grant this bot user permissions within Artifactory as they like and the credentials granted by Autoken will reflect those.

Architecture

See the architecture documentation for further information on how Autoken is set up.

Contributing

We are very open to community improvements of Autoken! Take a look at our contribution information if you are looking to contribute to this project.

Owner

  • Name: Bayer Open Source
  • Login: Bayer-Group
  • Kind: organization

Science for a better life

GitHub Events

Total
  • Delete event: 4
  • Push event: 3
  • Pull request review event: 3
  • Pull request event: 9
  • Create event: 4
Last Year
  • Delete event: 4
  • Push event: 3
  • Pull request review event: 3
  • Pull request event: 9
  • Create event: 4

Committers

Last synced: 10 months ago

All Time
  • Total Commits: 13
  • Total Committers: 2
  • Avg Commits per committer: 6.5
  • Development Distribution Score (DDS): 0.462
Past Year
  • Commits: 4
  • Committers: 1
  • Avg Commits per committer: 4.0
  • Development Distribution Score (DDS): 0.0
Top Committers
Name Email Commits
dependabot[bot] 4****] 7
Tim Jonas Meinerzhagen 3****n 6

Issues and Pull Requests

Last synced: 6 months ago

All Time
  • Total issues: 0
  • Total pull requests: 17
  • Average time to close issues: N/A
  • Average time to close pull requests: 8 days
  • Total issue authors: 0
  • Total pull request authors: 2
  • Average comments per issue: 0
  • Average comments per pull request: 0.18
  • Merged pull requests: 13
  • Bot issues: 0
  • Bot pull requests: 16
Past Year
  • Issues: 0
  • Pull requests: 9
  • Average time to close issues: N/A
  • Average time to close pull requests: about 3 hours
  • Issue authors: 0
  • Pull request authors: 1
  • Average comments per issue: 0
  • Average comments per pull request: 0.0
  • Merged pull requests: 8
  • Bot issues: 0
  • Bot pull requests: 9
Top Authors
Issue Authors
Pull Request Authors
  • dependabot[bot] (20)
  • timmeinerzhagen (1)
Top Labels
Issue Labels
Pull Request Labels
dependencies (20) javascript (1)

Dependencies

.github/workflows/test.yml actions
  • actions/checkout 8ade135a41bc03ea155e62e844d188df1ea18608 composite
  • actions/setup-node 5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d composite
.github/workflows/tfsec.yml actions
  • actions/checkout 8ade135a41bc03ea155e62e844d188df1ea18608 composite
  • aquasecurity/tfsec-pr-commenter-action 7a44c5dcde5dfab737363e391800629e27b6376b composite
  • hashicorp/setup-terraform 633666f66e0061ca3b725c73b2ec20cd13a8fdd1 composite
action.yml actions
  • functions/dist/action-token.js node20 javascript
functions/package-lock.json npm
  • 448 dependencies
functions/package.json npm
  • @types/isomorphic-fetch ^0.0.37 development
  • @types/jest ^29.5.5 development
  • @types/node ^20.8.3 development
  • @typescript-eslint/eslint-plugin ^6.7.4 development
  • @typescript-eslint/parser ^6.7.4 development
  • esbuild ^0.19.4 development
  • eslint ^8.51.0 development
  • jest ^29.7.0 development
  • jest-sonar ^0.2.16 development
  • node ^21.1.0 development
  • ts-jest ^29.1.1 development
  • typescript ^5.2.2 development
  • @actions/core ^1.10.1
  • aws-sdk ^2.1472.0
  • axios ^1.5.1
  • isomorphic-fetch ^3.0.0
  • node-fetch ^3.3.2
  • uuid ^9.0.1