|
| 1 | +# Private Repositories |
| 2 | + |
| 3 | +## Credentials |
| 4 | + |
| 5 | +If application manifests are located in private repository then repository credentials have to be configured. Argo CD supports both HTTP and SSH Git credentials. |
| 6 | + |
| 7 | +### HTTP Username And Password Credential |
| 8 | + |
| 9 | +Private repositories that require a username and password typically have a URL that start with "https://" rather than "git@" or "ssh://". |
| 10 | + |
| 11 | +Credentials can be configured using Argo CD CLI: |
| 12 | + |
| 13 | +```bash |
| 14 | +argocd repo add https://github.com/argoproj/argocd-example-apps --username <username> --password <password> |
| 15 | +``` |
| 16 | + |
| 17 | +or UI: |
| 18 | + |
| 19 | +1. Navigate to `Settings/Repositories` |
| 20 | +1. Click `Connect Repo` button and enter HTTP credentials |
| 21 | + |
| 22 | + |
| 23 | + |
| 24 | +#### Access Token |
| 25 | + |
| 26 | +Instead of using username and password you might use access token. Following instructions of your Git hosting service to generate the token: |
| 27 | + |
| 28 | +* [Github](https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line) |
| 29 | +* [Gitlab](https://docs.gitlab.com/ee/user/project/deploy_tokens/) |
| 30 | +* [Bitbucket](https://confluence.atlassian.com/bitbucketserver/personal-access-tokens-939515499.html) |
| 31 | + |
| 32 | +Then, connect the repository using an empty string as a username and access token value as a password. |
| 33 | + |
| 34 | +### SSH Private Key Credential |
| 35 | + |
| 36 | +Private repositories that require an SSH private key have a URL that typically start with "git@" or "ssh://" rather than "https://". |
| 37 | + |
| 38 | +The Argo CD UI don't support configuring SSH credentials. The SSH credentials can only be configured using the Argo CD CLI: |
| 39 | + |
| 40 | +``` |
| 41 | +argocd repo add [email protected]:argoproj/argocd-example-apps.git --ssh-private-key-path ~/.ssh/id_rsa |
| 42 | +``` |
| 43 | + |
| 44 | +## Self-Signed Certificates |
| 45 | + |
| 46 | +If you are using self-hosted Git hosting service with the self-signed certificate then you need to disable certificate validation for that Git host. |
| 47 | +Following options are available: |
| 48 | + |
| 49 | +Add repository using Argo CD CLI and `--insecure-ignore-host-key` flag: |
| 50 | + |
| 51 | + |
| 52 | +```bash |
| 53 | +argocd repo add [email protected]:argoproj/argocd-example-apps.git --ssh-private-key-path ~/.ssh/id_rsa |
| 54 | +``` |
| 55 | + |
| 56 | + The flag disables certificate validation only for specified repository. |
| 57 | + |
| 58 | +!!! warning |
| 59 | + The `--insecure-ignore-host-key` flag does not work for HTTPS Git URLs. See [#1513](https://github.com/argoproj/argo-cd/issues/1513). |
| 60 | + |
| 61 | +You can add Git service hostname to the `/etc/ssh/ssh_known_hosts` in each Argo CD deployment and disables cert validation for Git SSL URLs. For more information see |
| 62 | +[example](https://github.com/argoproj/argo-cd/tree/master/examples/known-hosts) which demonstrates how `/etc/ssh/ssh_known_hosts` can be customized. |
| 63 | + |
| 64 | +!!! note |
| 65 | + The `/etc/ssh/ssh_known_hosts` should include Git host on each Argo CD deployment as well as on a computer where `argocd repo add` is executed. After resolving issue |
| 66 | + [#1514](https://github.com/argoproj/argo-cd/issues/1514) only `argocd-repo-server` deployment has to be customized. |
| 67 | + |
| 68 | +## Declarative Configuration |
| 69 | + |
| 70 | +See [declarative setup](../operator-manual/declarative-setup#Repositories) |
| 71 | + |
0 commit comments