Clarify instructions for creating GitHub App secret

Sourcing a private key through a literal is less decoding error-prone
than doing it through a file, as evidenced by recent tests.
Corentin Néau 2025-10-20 12:02:24 +02:00
parent bcaf830ae7
commit 7fcde83b3b
No known key found for this signature in database
GPG Key ID: 4E10825BFE040608
1 changed files with 7 additions and 1 deletions


@ -187,9 +187,15 @@ With the necessary data at hand, create a secret containing those fields:
kubectl -n namespace-of-your-gitrepo create secret generic github-app-secret \ kubectl -n namespace-of-your-gitrepo create secret generic github-app-secret \
--from-literal=github_app_id=<app-id> \ --from-literal=github_app_id=<app-id> \
--from-literal=github_app_installation_id=<installation-id> \ --from-literal=github_app_installation_id=<installation-id> \
--from-file=github_app_private_key=<path-to-private-key-file> --from-literal=github_app_private_key="<private-key>"
``` ```
Using a literal instead of a file for the private key can help prevent PEM decoding errors at execution time.
Before creating the secret, the private key can be sourced from a file exporting environment variable, to prevent the
key itself from appearing in shell history.
Surrounding the value, or the environment variable name (e.g. `--from-literal=github_app_private_key="$MY_VAR"`) with
double quotes ensures that its full contents are taken into account, including possible line breaks.
Make sure you reference that secret in your GitRepo resource via `clientSecretName`. Make sure you reference that secret in your GitRepo resource via `clientSecretName`.
### Using Custom CA Bundles ### Using Custom CA Bundles
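Review bot: The command in the new example still shows the key pasted inline (`--from-literal=github_app_private_key="<private-key>"`), which is exactly the form the added paragraph warns will end up in shell history; the `"$MY_VAR"` form only appears in a parenthetical. Consider making the quoted variable the documented command and moving the inline placeholder out of the example. The sentence "sourced from a file exporting environment variable" is also hard to parse and gives no command, so a reader cannot tell whether the file holds the PEM itself or an export statement; spell out the intended step. Two further points worth a sentence each: a `--from-literal` value is passed as a command-line argument, so it is visible in the process list while kubectl runs, which the shell-history advice does not cover; and since the `--from-file` line is removed outright, the text should state which PEM decoding error the file form produced, so readers who already created the secret from a file can recognise it.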