ComputerSurge/shields
3
0
Fork 0
Code Pull Requests 1 Activity
Files
d96d8ae193213ff6f6166071fde1a0638bed2633
shields/doc/server-secrets.md
chris48s d96d8ae193 Document private/secret.json; affects [bower jira] (#2599) 
* don't use a libraries.io token for bower integration

The libraries.io docs claim you need to be authenticated
to make any API request: https://libraries.io/api#authentication

In practice we can call https://libraries.io/api/bower/jquery
just fine with no token and based on chucking a load of
requests at it and examining the `x-ratelimit-remaining`
headers you actually seem to get a better limit with no
authentication.

All of our libraries.io badges in `services/librariesio`
seem to have been running fine with no token for some time.


* change jira auth settings to jira_user, jira_pass

All the other services use servicename_user, servicename_pass

This switches JIRA to use that convention by preference
but supports _username and _password for legacy users.


* add docs for server secrets


* add danger rule for server-secrets.md

this rule prompts users to update server-secrets.md
if 'serverSecrets' is in the diff
2019-01-02 20:49:42 +00:00

3.3 KiB
Raw Blame History

Server Secrets

It is possible to provide a token or credentials for a number of external services. These may be used to lift a rate limit or provide access to private resources from a self-hosted instance.

Secrets can be set in private/secret.json. For example:

{
  "gh_token": "..."
}

Bintray

  • bintray_user
  • bintray_apikey

The bintray API requires authentication Create an account and obtain a token from the user profile page.

GitHub

  • gh_token

Because of Github rate limits, you will need to provide a token, or else badges will stop working once you hit 60 requests per hour, the unauthenticated rate limit.

You can create a personal access token through the Github website. When you create the token, you can choose to give read access to your repositories. If you do that, your self-hosted Shields installation will have access to your private repositories.

When a gh_token is specified, it is used in place of the Shields token rotation logic.

  • gh_client_id
  • gh_client_secret

These settings are used by shields.io for GitHub OAuth app authorization but will not be necessary for most self-hosted installations. See production-hosting.md.

Jenkins CI

  • jenkins_user
  • jenkins_pass

Provide a username and password to give your self-hosted Shields installation access to a private Jenkins CI instance.

JIRA

  • jira_user
  • jira_pass

Provide a username and password to give your self-hosted Shields installation access to a private JIRA instance.

For legacy reasons jira_username and jira_password are also supported but may be removed in future.

Nexus

  • nexus_user
  • nexus_pass

Provide a username and password to give your self-hosted Shields installation access to your private nexus repositories.

NPM

  • npm_token

Generate an npm token to give your self-hosted Shields installation access to private npm packages

Sentry

  • sentry_dsn

A Sentry DSN may be used to send error reports from your installation to Sentry.io. For more info, see the self hosting docs.

SymfonyInsight (formerly Sensiolabs)

  • sl_insight_userUuid
  • sl_insight_apiToken

The SymfonyInsight API requires authentication. To obtain a token, Create an account, sign in and obtain a uuid and token from your account page.

SonarQube

  • sonarqube_token

Generate a token to give your self-hosted Shields installation access to a private SonarQube instance or private project on a public instance.

Wheelmap

  • wheelmap_token

The wheelmap API requires authentication. To obtain a token, Create an account, sign in and use the Authentication Token displayed on your profile page.

View Git Blame Copy Permalink