LogoLogo
1.2.0
1.2.0
  • Maisa System
    • Introduction
    • Architecture
    • How to use it
  • Helm Installation
    • Getting Started
    • Authentication
    • Configuration Reference
Powered by GitBook
On this page
  • Overview
  • Requesting Access Credentials
  • Authentication with Helm
  • Using Username and Password
  • Using API Tokens
  • Authentication with Docker
  • Authentication Troubleshooting
  • Automatic Authentication Renewal
  • Next Steps
Edit on GitHub
Export as PDF
  1. Helm Installation

Authentication

PreviousGetting StartedNextConfiguration Reference

Last updated 26 days ago

Your credentials provide access to proprietary software. Never share your credentials or commit them to public repositories.

Overview

Our system is distributed as a Helm chart and Docker images stored in our private Artifactory repository. You need valid credentials to access these resources during the installation process.

We support two authentication methods:

  1. Username and Password: Basic authentication with your provided credentials

  2. API Token: More secure method using generated tokens with configurable permissions and expiration

For production environments, we strongly recommend using API tokens.

Follow these best practices for credential security:

  • Use environment variables instead of hardcoding credentials

  • Implement secrets management tools like HashiCorp Vault or Kubernetes Secrets

  • Rotate credentials regularly (at least every 90 days)

  • Use separate credentials for development and production environments

Requesting Access Credentials

New customers should have received initial credentials from our sales team. If you haven't received them, please contact sales@company.com.

For additional credentials or to replace lost ones:

  1. Log in to our

  2. Navigate to Account → Access Management

  3. Click Request New Credentials

  4. Select the appropriate access level and provide justification

  5. Submit the request

Requests are typically processed within 1 business day.

Authentication with Helm

Using Username and Password

You can provide your credentials directly in the Helm command:

helm repo add maisa-repo https://artifactory.company.com/artifactory/helm-repo \
  --username YOUR_USERNAME \
  --password YOUR_PASSWORD

This method saves your credentials in plain text in your shell history. For better security, use environment variables or the credentials file method.

Set your credentials as environment variables:

export HELM_REPO_USERNAME=YOUR_USERNAME
export HELM_REPO_PASSWORD=YOUR_PASSWORD

helm repo add maisa-repo https://artifactory.company.com/artifactory/helm-repo

Create a credentials file:

  1. Create a file at ~/.helm/credentials.yaml with the following content:

artifactory.company.com:
  username: YOUR_USERNAME
  password: YOUR_PASSWORD

  1. Secure the file:

chmod 600 ~/.helm/credentials.yaml

  1. Add the repository without explicitly providing credentials:

helm repo add maisa-repo https://artifactory.company.com/artifactory/helm-repo

Helm will automatically use the credentials from the file.

Using API Tokens

API tokens are more secure than username and password authentication.

Use the token in place of a password:

helm repo add maisa-repo https://artifactory.company.com/artifactory/helm-repo \
  --username YOUR_USERNAME \
  --password YOUR_API_TOKEN

Authentication with Docker

The Helm chart needs to pull Docker images from our private registry. You need to configure Docker to authenticate with our registry.

Log in to our Docker registry:

docker login artifactory.company.com \
  --username YOUR_USERNAME \
  --password YOUR_PASSWORD

This command creates or updates the file ~/.docker/config.json with your credentials.

For Kubernetes to pull images from our private registry, create a secret:

kubectl create secret docker-registry maisa-registry-creds \
  --docker-server=artifactory.company.com \
  --docker-username=YOUR_USERNAME \
  --docker-password=YOUR_PASSWORD \
  --docker-email=YOUR_EMAIL

Then reference this secret in your values.yaml:

imagePullSecrets:
  - name: maisa-registry-creds

Alternatively, you can provide the credentials directly in your values.yaml:

imageCredentials:
  registry: artifactory.company.com
  username: YOUR_USERNAME
  password: YOUR_PASSWORD
  email: YOUR_EMAIL

The Helm chart will create the necessary pull secret automatically.

This method stores your credentials in the values.yaml file. Ensure this file is properly secured and not committed to version control.

Authentication Troubleshooting

Automatic Authentication Renewal

For continuous integration/continuous deployment (CI/CD) environments, we recommend setting up automatic token renewal.

Use our REST API to automatically generate new tokens before the current one expires:

curl -X POST https://portal.company.com/api/v1/tokens \
  -H "Authorization: Bearer CURRENT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Auto-renewed token",
    "scopes": ["read:helm-charts", "read:docker-images"],
    "expiration_days": 90
  }'

Example Vault configuration:

path "artifactory/config" {
  capabilities = ["create", "update"]
}

path "artifactory/roles/*" {
  capabilities = ["create", "update", "read", "delete"]
}

path "artifactory/creds/*" {
  capabilities = ["read"]
}

Next Steps

Now that you have set up authentication, you can proceed with:

If you're using HashiCorp Vault, you can leverage the to automatically manage and rotate credentials.

according to your requirements

Customer Portal
Artifactory Secrets Engine
Installing the Helm chart
Configuring the system