- debian:apt-authentication
Category: debian:apt-authentication
This asset stores authentication data that can be used by tasks that need to authenticate to an external APT repository, such as APTMirror.
Data:
auth_scheme(string): the authentication scheme; at present this may only bebasic, but this field exists in case APT adds other authentication schemes in futurename(string): the name of these credentials, used to identify the asset in taskscredentials(dictionary): secret scheme-dependent credentials
For auth_scheme: basic, the credentials field is as follows:
username(string)
password(string)
This asset must be in a workspace, and only a single asset with a given name
can exist in a given workspace. In task data, the asset may be identified
either as name (in which case it is looked up in the same workspace as
the task) or as workspace:name (in which case it is looked up in the
named workspace in the same scope as the task).
This asset may be used by the owner of that workspace, or by members of
groups to which the APT_AUTHENTICATOR role has been granted via an
AssetUsage row.
To ensure that credentials are not exposed in logs, tasks must take care to provide them to APT using the apt_auth.conf(5) mechanism.
Since Basic authentication is sent in cleartext (see RFC 7617), APT will only use it with
repositories accessed over HTTPS (unless an explicit protocol is specified
in /etc/apt/auth.conf.d/, which tasks should not do). Tasks may add
their own checks for this in order to provide better error handling.