Authentication
Your credentials provide access to proprietary software. Never share your credentials or commit them to public repositories.
Overview
Our system is distributed as a Helm chart and Docker images stored in our private Artifactory repository. You need valid credentials to access these resources during the installation process.
We support two authentication methods:
Username and Password: Basic authentication with your provided credentials
API Token: More secure method using generated tokens with configurable permissions and expiration
For production environments, we strongly recommend using API tokens.
Follow these best practices for credential security:
Use environment variables instead of hardcoding credentials
Implement secrets management tools like HashiCorp Vault or Kubernetes Secrets
Rotate credentials regularly (at least every 90 days)
Use separate credentials for development and production environments
Requesting Access Credentials
For additional credentials or to replace lost ones:
Log in to our Customer Portal
Navigate to Account → Access Management
Click Request New Credentials
Select the appropriate access level and provide justification
Submit the request
Requests are typically processed within 1 business day.
Authentication with Helm
Using Username and Password
You can provide your credentials directly in the Helm command:
helm repo add maisa-repo https://artifactory.company.com/artifactory/helm-repo \
--username YOUR_USERNAME \
--password YOUR_PASSWORDThis method saves your credentials in plain text in your shell history. For better security, use environment variables or the credentials file method.
Set your credentials as environment variables:
export HELM_REPO_USERNAME=YOUR_USERNAME
export HELM_REPO_PASSWORD=YOUR_PASSWORD
helm repo add maisa-repo https://artifactory.company.com/artifactory/helm-repoCreate a credentials file:
Create a file at
~/.helm/credentials.yamlwith the following content:
artifactory.company.com:
username: YOUR_USERNAME
password: YOUR_PASSWORDSecure the file:
chmod 600 ~/.helm/credentials.yamlAdd the repository without explicitly providing credentials:
helm repo add maisa-repo https://artifactory.company.com/artifactory/helm-repoHelm will automatically use the credentials from the file.
Using API Tokens
API tokens are more secure than username and password authentication.
Use the token in place of a password:
helm repo add maisa-repo https://artifactory.company.com/artifactory/helm-repo \
--username YOUR_USERNAME \
--password YOUR_API_TOKENAuthentication with Docker
The Helm chart needs to pull Docker images from our private registry. You need to configure Docker to authenticate with our registry.
Log in to our Docker registry:
docker login artifactory.company.com \
--username YOUR_USERNAME \
--password YOUR_PASSWORDThis command creates or updates the file ~/.docker/config.json with your credentials.
For Kubernetes to pull images from our private registry, create a secret:
kubectl create secret docker-registry maisa-registry-creds \
--docker-server=artifactory.company.com \
--docker-username=YOUR_USERNAME \
--docker-password=YOUR_PASSWORD \
--docker-email=YOUR_EMAILThen reference this secret in your values.yaml:
imagePullSecrets:
- name: maisa-registry-credsAlternatively, you can provide the credentials directly in your values.yaml:
imageCredentials:
registry: artifactory.company.com
username: YOUR_USERNAME
password: YOUR_PASSWORD
email: YOUR_EMAILThe Helm chart will create the necessary pull secret automatically.
This method stores your credentials in the values.yaml file. Ensure this file is properly secured and not committed to version control.
Authentication Troubleshooting
Automatic Authentication Renewal
For continuous integration/continuous deployment (CI/CD) environments, we recommend setting up automatic token renewal.
Use our REST API to automatically generate new tokens before the current one expires:
curl -X POST https://portal.company.com/api/v1/tokens \
-H "Authorization: Bearer CURRENT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Auto-renewed token",
"scopes": ["read:helm-charts", "read:docker-images"],
"expiration_days": 90
}'If you're using HashiCorp Vault, you can leverage the Artifactory Secrets Engine to automatically manage and rotate credentials.
Example Vault configuration:
path "artifactory/config" {
capabilities = ["create", "update"]
}
path "artifactory/roles/*" {
capabilities = ["create", "update", "read", "delete"]
}
path "artifactory/creds/*" {
capabilities = ["read"]
}Next Steps
Now that you have set up authentication, you can proceed with:
Configuring the system according to your requirements
Last updated