This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2022-04-21
Channels
- # announcements (14)
- # aws (8)
- # babashka (3)
- # babashka-sci-dev (41)
- # beginners (78)
- # calva (15)
- # cider (9)
- # clj-commons (10)
- # clj-kondo (5)
- # cljs-dev (8)
- # clojure (47)
- # clojure-bay-area (3)
- # clojure-europe (13)
- # clojure-nl (2)
- # clojure-norway (15)
- # clojure-uk (13)
- # clojured (2)
- # clojurescript (20)
- # conjure (29)
- # cursive (4)
- # emacs (19)
- # events (3)
- # funcool (13)
- # hyperfiddle (16)
- # jobs (2)
- # lsp (4)
- # malli (13)
- # meander (1)
- # missionary (2)
- # nrepl (7)
- # off-topic (68)
- # other-languages (82)
- # polylith (1)
- # reagent (28)
- # reitit (12)
- # releases (3)
- # remote-jobs (5)
- # ring (27)
- # sci (6)
- # shadow-cljs (9)
- # spacemacs (2)
- # sql (10)
- # tools-deps (10)
- # vim (10)
What's the current best practice to get github credentials to an EC2 instance? I need to pull from private github repos. My current thinking is: Put the github ssh private key into Secrets Manager, restrict it's access to a IAM role that you give to the instance profile of the EC2 instance, then run a script on the instance that fetches the secret and saves it
So, each team member that requires access has to generate a new key pair used only for access to the bastion instance. The same key is added to GH to allow pull/push. And lastly, we have a cloudinit template that creates ~/.ssh/authorized_keys
for each user automatically on instance creation. So don't need to worry about private keys really, as long as individuals take care of securing them on their end.
If there's a user on behalf of whom you're doing the clone then OAuth is a common choice
So github deploy keys would be added for each project for each user that works on it right?