To simplify management process and reduce complex permission system between users and available projects, Reposilite does not define such entities. The only source of truth is personal access token with associated metadata.
The generalized token structure is presented below:
Access Token {
Identifier { # Unique identifier of each token
Id, # Numeric value
Type # Type of token, enum: PERSISTENT, TEMPORARY
}
Name # Token name
Secret # Encrypted secret using BCrypt function
Created At # Creation date
Description # Token description
Permissions [ # List of access token permissions
Access Token Permission # Enum: MANAGER (m)
]
Routes [ # List of routes associated with access token
Route {
Path # Path identifier
Route Permission # Enum: READ (r), WRITE (w)
}
]
}
This guide covers only raw access token, that by default, does not have access to any path in any repository. When you'll generate your tokens, go to Guide / Routes to learn more about paths management.
Name | Shortcut | Description |
---|---|---|
MANAGER | m | Marks token as manager's (admin) token, grants full access to any path in the repository and allows you to access remote CLI through the dashboard |
You can generate command via CLI (in terminal or web console):
$ token-generate [--secret=<secret>] <name> [<permissions>]
secret
is optional and it's recommended to let Reposilite generate strong password,
but it might be useful for some people that want to migrate from Reposilite 2.x or other repository manager.
permissions
is optional list of token permissions. Currently, you can define only one,
which is management permission. You have to use permissions shortcuts.
For bootstrapping your permissions setup, or fixing a broken one, you may have to use a temporary manager token. Via the --token root:root-secret
command line parameter to your Reposilite instance, you can create a manager token named root
with the secret root-secret
. This token will not be persisted in the database and cease to exist if the Reposilite process is restarted without the command line option.
If you're confused about your first auth configuration, you may find this video helpful:
Reposilite allows you to export your tokens to JSON file, so you can backup them or exchange between instances.
You can do this using token-export <file>
and token-import <file>
commands as follows:
$ token-export tokens.json
3 token(s) found.
All tokens have been exported to $working-directory/tokens.json in JSON format.
By default Reposilite puts the file in your working directory, but you can also specify an absolute path. To import such JSON file, just specify it in the import command:
$ token-import tokens.json
Importing 3 token(s) from $working-directory/tokens.json file:
Access token 'token-0' has been imported.
Access token 'token-1' has been imported.
Access token 'token-2' has been imported.
Commands related to tokens you may find useful:
$ tokens
14:13:41.456 INFO | Tokens (1)
14:13:41.456 INFO | - root:
14:13:41.456 INFO | > ~ no routes ~
$ token-revoke root
14:20:03.834 INFO | Token for 'root' has been revoked
$ token-rename root super-user
14:28:47.502 INFO | Token name has been changed from 'root' to 'super-user'
$ token-modify super-user m
14:30:26.320 INFO | Permissions have been changed from '[]' to 'm'
$ token-regenerate super-user
16:49:45.211 INFO | New secret for 'test': 4n1NAKgAuzqdZ+mS/OIhqdpqjTyjI78OkgC/Yym5+3vGoXaefYQ2DKqK14c80xNl
Did you found a misleading and deprecated content, or maybe you just feel this section misses important elements?
Copyright © 2022 dzikoysk with ❤ panda-lang