shaba/ostree
1
0
Fork 0
mirror of https://github.com/ostreedev/ostree.git synced 2025-01-05 13:18:17 +03:00
Code Issues Projects Releases Wiki Activity
cd308d5751
ostree/docs/authenticated-repos.md

29 lines
1.0 KiB
Markdown
Raw Normal View History

docs: Add authenticated-repos.md Document options for accessing repositories that require authentication.
2023-09-27 21:02:25 +03:00
---
nav_order: 9
---
# Handling access to authenticated remote repositories
{: .no_toc }
1. TOC
{:toc}
There is no default concept of an "ostree server"; ostree expects to talk to a generic webserver, so any tool and technique applicable for generic HTTP can also apply to fetching content via OSTree's builtin HTTP client.
## Using mutual TLS
The `tls-client-cert-path` and `tls-client-key-path` expose the underlying HTTP code for [mutual TLS](https://en.wikipedia.org/wiki/Mutual_authentication).
Each device can be provisioned with a secret key which grants it access to the webserver.
## Using basic authentication
The client supports HTTP `basic` authentication, but this has well-known management drawbacks.
## Using cookies
Since [this pull request](https://github.com/ostreedev/ostree/pull/531) ostree supports adding cookies to a remote configuration. This can be used with e.g. [Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html).
Reference in New Issue Copy Permalink