Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GitHub Apps Credentials - error decoding private key, cannot figure out correct format #3055

Closed
4 tasks done
jeffmccune opened this issue Dec 4, 2024 · 6 comments · Fixed by #3059
Closed
4 tasks done

GitHub Apps Credentials - error decoding private key, cannot figure out correct format #3055

jeffmccune opened this issue Dec 4, 2024 · 6 comments · Fixed by #3059
Assignees
@hiddeco
Labels
area/controller kind/bug priority/normal
Milestone
v1.1.0

Comments

@jeffmccune
Copy link

Checklist

  • I've searched the issue queue to verify this is not a duplicate bug report.
  • I've included steps to reproduce the bug.
  • I've pasted the output of kargo version.
  • I've pasted logs, if applicable.

Description

Following GitHub App Authentication docs, I can't convince Kargo to accept the credentials.

Screenshots

Screenshot 2024-12-04 at 12 46 21 PM

Steps to Reproduce

  1. Create and install a GitHub App as described at GitHub App Authentication
  2. Follow the Kargo Quickstart to configure the Project, Warehouse, and Stages
  3. Create a secret as described in the GitHub App Authentication doc.

Take care to ensure the string values don't have trailing newlines and the base64 pem encoded key is the value:

kubectl get secret -n kargo-demo github-app-creds -o json \
  | jq --exit-status '.data | map_values(@base64d)'
{
  "githubAppID": "1099999",
  "githubAppInstallationID": "57999999",
  "githubAppPrivateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIE\nREDACTED\n-----END RSA PRIVATE KEY-----",
  "repoURL": "https://github.com/jeffmccune/bank-of-holos.git"
}

Version

v1.0.3

Logs

failed to run step "git-clone": error getting credentials for https://github.com/jeffmccune/bank-of-holos.git: error getting installation access token: error decoding private key: illegal base64 data at input byte 0
@jeffmccune jeffmccune changed the title GitHub Apps Credentials aren't working GitHub Apps Credentials - error decoding private key, cannot figure out correct format Dec 4, 2024
@hiddeco
Copy link
Contributor

hiddeco commented Dec 4, 2024

I suspect your private key is not base64 encoded as a literal Secret value (i.e. encoded twice).

@jeffmccune
Copy link
Author

@hiddeco Do you mean the pem file GitHub provides needs to be base64 encoded a second time? PEM encoding is Base64 encoding so I figured the Kargo documentation was saying to take care to provide the pem contents.

If Kargo requires double base 64 encoding for some reason, it might be worth an update the docs to clarify.

I just tried to double encode it and appear to have gotten a bit further along.

@jeffmccune
Copy link
Author

It's also especially confusing because k8s also base64 encodes the stringData field, so this field end up being base64 encoded 3 times...

@jeffmccune
Copy link
Author

Solution: wrap the pem file GitHub provides in a second layer of base64 encoding and provide to the stringData field so k8s wraps the data in a third layer of base64 encoding.

@jeffmccune jeffmccune mentioned this issue Dec 4, 2024
Closed
8 tasks
@hiddeco hiddeco mentioned this issue Dec 4, 2024
Merged
@hiddeco
Copy link
Contributor

hiddeco commented Dec 5, 2024

It's also especially confusing because k8s also base64 encodes the stringData field, so this field end up being base64 encoded 3 times...

I agree, and we could not really tell why we made this a requirement. I raised #3059 to make this easier in the future.

@krancour krancour added this to the v1.1.0 milestone Dec 5, 2024
@krancour
Copy link
Member

krancour commented Dec 5, 2024

Reopening this for visibility until #3059 closes it.

@krancour krancour reopened this Dec 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hiddeco hiddeco

Labels
area/controller kind/bug priority/normal
Projects
None yet
Milestone
v1.1.0
Development

Successfully merging a pull request may close this issue.

fix(creds): don't require base64 PK for GitHub Apps hiddeco/kargo
3 participants
@jeffmccune @krancour @hiddeco