authenticating for a module with a private github.com repo source

[kevinwsin]

Hello,

I'm trying to use a module sourced from a private github repo:

module "module-name" {
  source = "git::https://github.com/<org>/<repo>.git?ref=0.0.2"
}

but I get the following when Atlantis tries to run a plan:

- module.module-name
  Getting source "github.com/<org>/<repo>.git?ref=0.0.2"
Error downloading modules: Error loading modules: error downloading 'https://github.com/<org>/<repo>.git?ref=0.0.2': /usr/bin/git exited with 128: Cloning into '.terraform/modules/c8c0fdcb0c5f003da8e6dd67d5520576'...
fatal: could not read Username for 'https://github.com': No such device or address

I thought Atlantis would be able to use the same username and personal access token that it used to read the original github private repo.

Thanks in advance for the help!

[lkysow]

Hi Kevin,

I don't think Atlantis can use those secrets in this case because I don't know how to pass them to Terraform.
The solutions I know of:

1. Use a .gitconfig file in the /home/atlantis/.gitconfig that redirects the https urls, something like:

   [url "https://[email protected]"]
     insteadOf = https://github.com
   

2. Switch to ssh urls ex. [email protected]:hashicorp/example.git and ensure that the ssh config on the Atlantis server has the right keys.

[stephencoe]

I just ran into this, another possible way is to configure the git credentials.helper inside the environment / container

cat <<EOF > /credentials.sh
	#!/bin/bash
	echo username=\$ATLANTIS_GH_USER
	echo password=\$ATLANTIS_GH_TOKEN
EOF

git config --global credential.helper "/credentials.sh"

[kevinwsin]

Got it, thanks for the help everybody. Decided to add a SSH key for the atlantis github user.

[nikovirtala]

I hit this today. Luckily we pass the git credentials to Atlantis using environment variables, so I enabled git-credential-store helper and generated the /home/atlantis/.git-credentials credentials file on /usr/local/bin/docker-entrypoint.sh. But... This solution doesn't work if credentials are passed as arguments.

[sryabkov]

Related issue: #176

[sryabkov]

Possible implementation of passing the SSH key for a GitHub service account: https://gist.github.com/sryabkov/39f20f263c5edfa650522c6a2e9484b6

[djaboxx]

How are you supposed to do this with the Fargate Deployment?

[nikovirtala]

How are you supposed to do this with the Fargate Deployment?

You need to build a custom image where you configure the git client and credentials helper in a way that you're able to access your private repositories. For example, the solution @stephencoe presented above works perfectly fine also on Fargate. My solution too; I am running Atlantis on Fargate.

[chaseconey]

Seems like this is built in natively now based on #711 - just FYI.

[sryabkov]

As far as I can tell, #711 only supports HTTPS authentication via a GitHub token.