Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Feature Request: Ability to Pass Authentication Parameters Individually

See original GitHub issue

It would be great if this action allowed passing in the Subscription ID, Tenant ID, Client ID, and Client Secret as individual parameters instead of bundled in a single JSON object (creds today). This would allow for easier use in pipelines that use Terraform (as it requires them split out). It would also make secret rotation easier as you don’t have to rebuilt the JSON object.

Potential syntax (as an alternative to the existing syntax):

- uses: azure/login@v1.1
        client_id: ${{ secrets.CLIENT_ID }}
        client_secret: ${{ secrets.CLIENT_SECRET }}
        subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
        tenant_id: ${{ secrets.TENANTID }}

If you are open to PRs, I’d love to try this!

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:21
  • Comments:22 (5 by maintainers)

github_iconTop GitHub Comments

ericsampsoncommented, Feb 16, 2021

Here’s a proposal that might address all those questions, and is still simple for the new user; these 4 individual inputs would be for more advanced users.

  • existing creds input works as it does now (except that it’s optional)
  • add the following 4 new inputs, with the creds_ prefix to help indicate that they are related to the creds JSON blob:
- uses: azure/login@v1.1
        creds_client_id: ${{ secrets.CLIENT_ID }}
        creds_client_secret: ${{ secrets.CLIENT_SECRET }}
        creds_subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
        creds_tenant_id: ${{ secrets.TENANTID }}
  • Key point: any creds_ input overrides the corresponding value in the creds JSON (if passed in by the user). This is similar to how ASP.NET Core configuration providers allow settings to be overlayed. This is actually kind of nice for some use cases, like below.

In other words:

- uses: azure/login@v1.1
        creds: ${{ secrets.AZURE_CREDENTIALS }}
        creds_client_secret: ${{ secrets.CLIENT_SECRET }} # overrides the secret contained in the creds JSON blob.

and so it just falls out that the basic simple use case still works unchanged:

- uses: azure/login@v1.1
        creds: ${{ secrets.AZURE_CREDENTIALS }}
jmserveracommented, Apr 28, 2021

I would also prefer to use individual secrets due to this potential issue as noted in the GitHub Documentation:

To help ensure that GitHub redacts your secret in logs, avoid using structured data as the values of secrets. For example, avoid creating secrets that contain JSON or encoded Git blobs.

Any change in the tooling could potentially leak these secrets. In fact, if you try to “echo” the secret, it is not redacted by the platform. This should be documented as a risk when using the full json as a secret.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Authentication with the Report Server - Microsoft Learn
Each of the authentication types can be turned on or off individually. You can enable more than one authentication type if you want...
Read more >
What is Authentication? - TechTarget
Authorization is a more granular process that validates that the authenticated user or process has been granted permission to gain access to the...
Read more >
Navigating with Compose - Android Developers
Even though exposing events as individual lambda parameters could ... Navigation Compose also supports passing arguments between composable destinations.
Read more >
Django Tutorial Part 8: User authentication and permissions
Django provides an authentication and authorization ... You'll be able to test the password reset functionality from the link in the login ......
Read more >
Get Access Tokens - Auth0
Quickstarts are the easiest way to implement authentication. They show you how to use Universal Login and Auth0's language- and framework-specific SDKs. ·...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found