Use Git as Storage for Workspace ENTERPRISE
The files stored in the Workspace Git repository are all the stacks and all the security-critical policies within systems.
The directory structure is as follows:
├── metadata # security-critical policies for Systems
│ ├── a0300376/ # System 1 security-critical policies
│ ├── b1123455/ # System 2 security-critical policies
├── stacks # security-critical policies for Systems
│ ├── a0300376/ # Stack 1 contents
│ ├── b1123455/ # Stack 2 contents
To see the structure underneath the stacks
folder, see Git as Storage for Stack Policies.
Security-critical system policies are stored under metadata
to ensure that system owners cannot for example disable stacks for a system without administrative approval by changing the Labels
policy on that system. The remaining system policies are stored in potentially separate Git repositories; their structure can be found at Git as Storage for System Policies.
Git Configuration Options
The following shows how to configure Git for each Workspace individually.
- Under WORKSPACE, click the workspace name for which you want to save policies in Git.
- Click Settings tab.
- Click Git Repository.
Configure Git Authentication
The Styra DAS UI supports the HTTPS and SSH authentication for Git. You can navigate to the Git settings dialog and select the Git authentication mode HTTPS or SSH that will allow you to switch between the two authentication modes. The Git settings may have only one authentication mode selected per workspace level.
HTTPS
-
Git username (required): Your Git username.
-
Git secret (required): The secret corresponding to your Git username.
-
Git repository (required): A Git HTTPS URL to your Git repository. For example:
https://github.com/hooli/foo.git
. -
Git reference: Specify a tag or branch reference (defaults to
refs/heads/master
—themaster
branch). -
Git commit SHA: Specify a commit SHA.
-
Repository path: (Optional) The subdirectory where you want to save the policies.
SSH
-
SSH key (required): A private SSH key. For example: The contents of
~/.ssh/id_rsa
. -
SSH key passphrase: (Optional) The passphrase specified at the time the private SSH key was created.
-
Git repository (required): A Git SSH URL to your Git repository. For example:
git@github.com:hooli/foo.git
. -
Git reference: Specify a tag or branch reference (defaults to
refs/heads/master
—themaster
branch). -
Git commit SHA: Specify a commit SHA.
-
Repository path: (Optional) The subdirectory where you want to save the policies.
Click the Save changes button.
- Git reference and Git commit SHA are mutually exclusive, only one can be submitted per Git configuration.
- For SSH configuration, the corresponding SSH public key must be configured on the Git service (GitHub, Bitbucket, and so on) in order for authentication to work.
Configure GitHub Repositories
Use the following tips to find the required configuration for a GitHub repository.
-
Git secret: Styra recommends to use a GitHub Personal access token. You can generate a token at github.com/settings/token or by clicking through
Your-picture
and navigate to Settings >> Developer Settings >> Personal access tokens. -
Git repository: To create a new Git repository, navigate to your GitHub account and click the
+
button on the top-right corner of the page.-
To add a new repository, click the New repository button.
-
In the new repository, enter the name of your new repository in the Repository name field, the Description field is optional.
-
Select Public (anyone on the internet can see this repository. You can choose who can commit.) or Private (You choose who can see and commit to this repository.) based on your requirement.
-
Click the Create repository button.
-
-
SSH key: To create a SSH key and SSH key passphrase, see the GitHub SSH Key documentation page.
You can navigate to your repository on GitHub and click the Code button to see the clone options, such as HTTPS and SSH. Copy the HTTPS or SSH link to clone the Git repository.