Comments (4)
We wouldn't want to add a feature for only one platform. If it uses a standardized process that is supported on many platforms then it would be fine
from octokit.js.
👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labled with Status: Up for grabs
. You & others like you are the reason all of this works! So thank you & happy coding! 🚀
from octokit.js.
PS, this seems related to:
from octokit.js.
So, after digging into this, it looks like this might a documentation opportunity rather than a bug, as it's more to do with a limitation of the Azure Key Vault and the guideines in the GitHub documentation.
Going back to the drawing board and trying to store the private key as a secret - not a key - in AKV seems to work. But there's a catch: the RSA private key you download for the GitHub app needs to be encoded as a base64
string before it's added as an AKV secret.
Here's the TL;DR of what you need to do to get it to work:
-
Download the
.pem
file from the GitHub app settings. -
Go to your terminal, and navigate to the directory where the
.pem
file is located. -
Run the following command to convert the
.pem
file to a base64 string:cat <your-private-key>.pem | base64
-
Copy the
base64
encoded string from the terminal output and store it as a secret in the Azure Key Vault. Assign it a descriptive name in AKV, and provide that name in the function app (below I store it as an env variable.) -
Retrieve the secret from the Azure Key Vault in the Azure Function app and decode it from
base64
to anascii
string with the following code:
const vaultName = process.env.KEY_VAULT_NAME;
const keyName = process.env.KEY_NAME;
const appId = process.env.APP_ID;
const vaultURL = `https://${vaultName}.vault.azure.net`;
const credential = new DefaultAzureCredential();
const client = new SecretClient(vaultURL, credential);
const secretBundle = await client.getSecret(keyName);
const privateKeyString = Buffer.from(secretBundle.value, 'base64').toString('ascii');
const octokit = new Octokit({
authStrategy: createAppAuth,
auth: { appId, privateKey: privateKeyString, installationId },
});
BUT, that being said, it would be interesting to find out if there's any opportunity to add a new feature to Octokit that would allow users to pass the key object from AKV to the new Octokit
instance in the app to authenticate it?
It would be good to get the 2cents of the Octokit team on this. Specifically to find what the appetite for this would be with respect to i) whether or not enough users have a desire for this feature, and ii) whether the API/Octokit product and engineering teams see this as something that's worth the time/effort.
from octokit.js.
Related Issues (20)
- [BUG]: rest.packages.listPackagesForOrganization return 400 Invalid argument with package type 'container' HOT 2
- Any auth flow currently supported for SPA without backend? HOT 3
- Web3 HOT 1
- [BUG]: Cannot create new commit with Octokit HOT 3
- Merge HOT 1
- [DOCS(readme)]: Missing Required Parameter `issue_number` in `issues.createComment ` HOT 2
- [BUG]: No Significant Difference with @octokit Submodules HOT 6
- [BUG]: Unable to get latest deployment for a workflow deployed to an environment HOT 1
- [FEAT]: notifications: filter done/undone HOT 2
- [BUG]: {"error":"Cannot read properties of undefined (reading 'getWebFlowAuthorizationUrl')"} HOT 1
- [BUG]: [@octokit/request-error] `error.code` is deprecated, use `error.status`. HOT 2
- [BUG]: CJS Loader "Unexpected token '{'" HOT 3
- [FEAT]: Do we have the CJS version? If not, are we considering supporting CJS? HOT 5
- Issues with Search REST API: Special Characters Handling HOT 1
- [BUG]: Octokit 4 can't be `import`ed or `require`d HOT 6
- [BUG]: Octokit v4 types HOT 8
- [BUG]: [Nestjs] [ERR_REQUIRE_ESM]: require() of ES Module not supported HOT 3
- @octokit/types is no longer available after 4.0.0 HOT 13
- [FEAT]: A way to prevent auth token being shown to the user, and redirect instead? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from octokit.js.