Is your feature request related to a problem?
I would like machine to machine authentication with GitHub to be only using GitHub App authentication instead of a user account.
Proxying GitHub packages (maven) currently requires a username and personal access token in SonaType Nexus.
Describe the solution you'd like
HashiCorp Vault supports issuing tokens from GitHub apps.
- Add support for Vault GitHub App backend when authenticating with proxies.
- Add support for Vault key-value store backend when authenticating with proxies.
- Stretch: allow Nexus to use any of Vault's backends generically when authenticating with proxies.
- It would be nice if Nexus could access Vault for these backends via App Role authentication (a feature of Vault).
I would like to configure a Nexus proxy and select HashiCorp Vault as the backend for credentials when Nexus needs to authenticate with the upstream proxy (such as a maven repository in GitHub packages).
In this case, rather than Vault granting time-limited access to Nexus; it would be great if Nexus could utilize Vault backends for itself to access other services (such as proxy repositories) where Vault manages the credentials.
Describe alternatives you've considered
- Self-developing a Nexus plugin for GitHub app authentication more directly.
- Self-developing an out-of-Nexus lambda which updates proxy passwords every 50 minutes for GitHub package-configured repositories.
Additional context
None I can think of but feel free to ask questions.
Is your feature request related to a problem?
I would like machine to machine authentication with GitHub to be only using GitHub App authentication instead of a user account.
Proxying GitHub packages (maven) currently requires a username and personal access token in SonaType Nexus.
Describe the solution you'd like
HashiCorp Vault supports issuing tokens from GitHub apps.
I would like to configure a Nexus proxy and select HashiCorp Vault as the backend for credentials when Nexus needs to authenticate with the upstream proxy (such as a maven repository in GitHub packages).
In this case, rather than Vault granting time-limited access to Nexus; it would be great if Nexus could utilize Vault backends for itself to access other services (such as proxy repositories) where Vault manages the credentials.
Describe alternatives you've considered
Additional context
None I can think of but feel free to ask questions.