Git credential helpers for Infrahub. These tools allow git processes to authenticate against repositories managed by Infrahub by fetching credentials from the Infrahub GraphQL API.
A git credential helper that implements the get and store subcommands. When git needs credentials for a remote, this helper queries Infrahub for the repository's stored credentials.
Requires credential.useHttpPath to be enabled:
git config --global credential.useHttpPath trueA GIT_ASKPASS helper. When git needs a username or password, it calls this program with a prompt string and reads the response from stdout.
Configuration is resolved in the following order:
| Setting | Environment Variable | TOML Config | Default |
|---|---|---|---|
| Server address | INFRAHUB_INTERNAL_ADDRESS |
[main].internal_address |
- |
| API token | INFRAHUB_API_TOKEN |
- | None |
| Config file path | INFRAHUB_CONFIG |
- | infrahub.toml |
| Username | INFRAHUB_USERNAME |
- | None |
| Password | INFRAHUB_PASSWORD |
- | None |
| Timeout (seconds) | INFRAHUB_TIMEOUT |
- | 30 |
| Proxy | INFRAHUB_PROXY |
- | None |
| Skip TLS verification | INFRAHUB_TLS_INSECURE |
- | false |
| Custom CA certificate | INFRAHUB_TLS_CA_FILE |
- | None |
Authentication supports two methods:
- Token auth: set
INFRAHUB_API_TOKEN— sent asX-INFRAHUB-KEYheader - Password auth: set
INFRAHUB_USERNAMEandINFRAHUB_PASSWORD— logs in via/api/auth/loginto obtain a bearer token
Both binaries also accept --config-file <path> to override the config file path.
Environment variables take precedence over TOML values.
cargo build --releaseBinaries are output to target/release/infrahub-git-credential and target/release/infrahub-git-askpass.
The project includes a multi-stage Dockerfile that produces statically linked binaries (musl) in a scratch-based image. Supports both amd64 and arm64 architectures.
docker build -t registry.opsmill.io/opsmill/infrahub-git-credential-helper .Use in a downstream Dockerfile:
COPY --from=registry.opsmill.io/opsmill/infrahub-git-credential-helper:latest /usr/bin/infrahub-git-credential /usr/bin/infrahub-git-credential
COPY --from=registry.opsmill.io/opsmill/infrahub-git-credential-helper:latest /usr/bin/infrahub-git-askpass /usr/bin/infrahub-git-askpassThis project is licensed under the Apache License, Version 2.0. See LICENSE.txt for details.