Buildpacks
/
lifecycle-private
mirror of https://github.com/buildpacks/lifecycle-private.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
lifecycle-private/auth
History
Natalie Arellano 267025743f Fix auth by wrapping keychain in a ResolvedKeychain 
Prior to https://github.com/buildpacks/lifecycle/pull/1315, all keychains
passed to NewMultiKeychain were resolved keychains,
which prevented the credentials from becoming inaccessible after the lifecycle dropped privileges.

Signed-off-by: Natalie Arellano <narellano@vmware.com>
 		2024-04-10 10:48:33 -04:00
..
README.md
keychain.go
keychain_test.go

README.md

auth

Skipping Vendor Specific Keychains

The auth package has configuration available to skip vendor specific keychain implementations. If you are a platform handling credentials yourself, you may want to skip loading these keychains. This can improve performance as the helpers automatically get invoked based on the hosting environment and the registries being interacted with.

Set any of the following to true to skip loading the vendor keychain.

CNB_REGISTRY_AUTH_KEYCHAIN_SKIP_AMAZON - set to skip Amazon/AWS's ECR credhelper. CNB_REGISTRY_AUTH_KEYCHAIN_SKIP_AZURE - set to skip Microsoft/Azure's ACR credhelper