Files

Paul Melnikow 8ad0b105b1 Make the config from env more obvious at first glance; explain cascading config (#3355 )

2019-04-23 13:57:23 -04:00

5.0 KiB

Raw Blame History

Server Secrets

It is possible to provide a token or credentials for a number of external services. These may be used to lift a rate limit or provide access to private resources from a self-hosted instance.

There are two ways of setting secrets:

Via environment variables. This is a good way to set them in a PaaS environment.

GH_TOKEN=...

Via checked-in config/local.yml:

private:
  gh_token: '...'

For more complex scenarios, configuration files can cascade. See the node-config documentation for details.

Azure DevOps

AZURE_DEVOPS_TOKEN (yml: azure_devops_token)

An Azure DevOps Token (PAT) is required for accessing private Azure DevOps projects.

Create a PAT using an account that has access to your target Azure DevOps projects. Your PAT only needs the following scopes:

Build (read)
Release (read)
Test Management (read)

Bintray

BINTRAY_USER (yml: bintray_user)
BINTRAY_API_KEY (yml: bintray_apikey)

The bintray API requires authentication Create an account and obtain a token from the user profile page.

Drone

DRONE_TOKEN (yml: drone_token)

The self-hosted Drone API requires authentication Login to your Drone instance and obtain a token from the user profile page.

GitHub

GH_TOKEN (yml: gh_token)

Because of Github rate limits, you will need to provide a token, or else badges will stop working once you hit 60 requests per hour, the unauthenticated rate limit.

You can create a personal access token through the Github website. When you create the token, you can choose to give read access to your repositories. If you do that, your self-hosted Shields installation will have access to your private repositories.

When a gh_token is specified, it is used in place of the Shields token rotation logic.

GH_CLIENT_ID (yml: gh_client_id)
GH_CLIENT_SECRET (yml: gh_client_secret)

These settings are used by shields.io for GitHub OAuth app authorization but will not be necessary for most self-hosted installations. See production-hosting.md.

Jenkins CI

JENKINS_USER (yml: jenkins_user)
JENKINS_PASS (yml: jenkins_pass)

Provide a username and password to give your self-hosted Shields installation access to a private Jenkins CI instance.

JIRA

JIRA_USER (yml: jira_user)
JIRA_PASS (yml: jira_pass)

Provide a username and password to give your self-hosted Shields installation access to a private JIRA instance.

Nexus

NEXUS_USER (yml: nexus_user)
NEXUS_PASS (yml: nexus_pass)

Provide a username and password to give your self-hosted Shields installation access to your private nexus repositories.

NPM

NPM_TOKEN (yml: npm_token)

Generate an npm token to give your self-hosted Shields installation access to private npm packages

Sentry

SENTRY_DSN (yml: sentry_dsn)

A Sentry DSN may be used to send error reports from your installation to Sentry.io. For more info, see the self hosting docs.

SymfonyInsight (formerly Sensiolabs)

SL_INSIGHT_USER_UUID (yml: sl_insight_userUuid)
SL_INSIGHT_API_TOKEN (yml: sl_insight_apiToken)

The SymfonyInsight API requires authentication. To obtain a token, Create an account, sign in and obtain a uuid and token from your account page.

SonarQube

SONARQUBE_TOKEN (yml: sonarqube_token)

Generate a token to give your self-hosted Shields installation access to a private SonarQube instance or private project on a public instance.

Wheelmap

WHEELMAP_TOKEN (yml: wheelmap_token)

The wheelmap API requires authentication. To obtain a token, Create an account, sign in and use the Authentication Token displayed on your profile page.

5.0 KiB Raw Blame History