Skip to main content

Use Git as Storage for Workspace

The files stored in the Workspace Git repository are all the stacks and all of the security-critical policies within systems.

The directory structure is as follows:

โ”œโ”€โ”€ metadata        # security-critical policies for Systems
โ”‚ โ”œโ”€โ”€ a0300376/ # System 1 security-critical policies
โ”‚ โ”œโ”€โ”€ b1123455/ # System 2 security-critical policies
โ”œโ”€โ”€ stacks # security-critical policies for Systems
โ”‚ โ”œโ”€โ”€ a0300376/ # Stack 1 contents
โ”‚ โ”œโ”€โ”€ b1123455/ # Stack 2 contents

To see the structure underneath the stacks folder, see Git as Storage for Stack Policies.

Security-critical system policies are stored under metadata to ensure that system owners cannot for example disable stacks for a system without administrative approval by changing the Labels policy on that system. The remaining system policies are stored in potentially separate Git repositories; their structure can be found at Git as Storage for System Policies.

Git Configuration Options

The following shows how to configure Git for each Workspace individually.

  • Under WORKSPACE, click the workspace name for which you want to save policies in Git.
  • Click Settings tab.
  • Click Git Repository.

Configure Git Authentication

The Styra DAS UI supports the HTTPS and SSH authentication for Git. You can navigate to the Git settings dialog and select the Git authentication mode HTTPS or SSH that will allow you to switch between the two authentication modes. The Git settings may only have one authentication mode selected per workspace level.

HTTPS

  • Git username (required): Your Git username.

  • Git secret (required): The secret corresponding to your Git username.

  • Git repository (required): A Git HTTPS URL to your Git repository. For example: https://github.com/hooli/foo.git.

  • Git reference: Specify a tag or branch reference (defaults to refs/heads/masterโ€”the master branch).

  • Repository path: (Optional) The subdirectory where you want to save the policies.

SSH

  • SSH keyย (required): A private SSH key. For example: The contents of ~/.ssh/id_rsa.

  • SSH key passphrase: (Optional) The passphrase specified at the time the private SSH key was created.

  • Git repository (required): A Git SSH URL to your Git repository. For example: git@github.com:hooli/foo.git.

  • Git reference: Specify a tag or branch reference (defaults to refs/heads/masterโ€”the master branch).

  • Repository path: (Optional) The subdirectory where you want to save the policies.

Click the Save changes button.

note

The corresponding SSH public key must be configured on the Git service (GitHub, Bitbucket, and so on) in order for authentication to work.

Configure GitHub Repositories

Use the following tips to find the required configuration for a GitHub repository.

  • Git secret: Styra recommends to use a GitHub Personal access token. You can generate a token at github.com/settings/token or by clicking through Your-picture and navigate to Settings >> Developer Settings >> Personal access tokens.

  • Git repository: To create a new Git repository, navigate to your GitHub account and click the + button on the top-right corner of the page.

    • To add a new repository, click the New repository button.

    • In the new repository, enter the name of your new repository in the Repository name field, the Description field is optional.

    • Select Public (anyone on the internet can see this repository. You can choose who can commit.) or Private (You choose who can see and commit to this repository.) based on your requirement.

    • Click the Create repository button.

  • SSH key: To create a SSH key and SSH key passphrase, see the GitHub page.

tip

You can navigate to your repository on GitHub and click the Code button to see the clone options, such as HTTPS and SSH. Copy the HTTPS or SSH link to clone the Git repository.