I’m trying to figure out how to handle access to private packages.
For context, I’m using an on-prem builder, but I think this applies to bldr.habitat.sh also.
I have an AWS EC2 instance where I’ve installed my/awesome-package
Originally I did this by copying the .hart file up there and then installing that. The difficulty was at the time the EC2 box couldn’t see my on-prem builder because we don’t have it out on the www.
So I rebuilt the package with my public habiat keys and then uploaded that.
Fast forward I have setup network / firewall rules that allow that EC2 instance access to my on-prem builder, so I can have EC2 install directly from there.
But If I want to make this package private I have to have an access token to put on my EC2 box in order to install / upgrade it.
- Where do I put the access token so that the supervisor will be able to install updates when they become available?
- It seems like it’s going to be problematic if I have to put my personal access token on several servers. What if I need to change it? Or if one of the servers were to get compromised? I don’t think I can create additional users without creating github accounts too?