Tipi documentation
Authentication
Both your local tipi CLI installation as well as your tipi.build cores and nodes require access to your tipi account to be able to access private repositories and your subscription information.
In order to enable a frictionless usage tipi comes with a crendetials store dubbed tipi vault which is essentially a zero-knowledge encrypted storage linked to your account.
Creation of the vault
During the onboarding on tipi.build you will be asked to create said vault and to provide a passphrase for it. That passphrase is used during the browser session to encrypt the vault and is never sent to our servers.
In the following onboarding steps you will be given the opportunity to grant your account access to private repositories on Github.com which is required if you want to consume privatly listed dependencies.
That access can be granted at any time using the vault dashboard on tipi.build.
Authenticating to tipi.build with tipi
CLI
Run the tipi connect
command and follow the instructions.
You will be prompted with a link to authenticate the device on tipi.build. After confirming the access to your vault the CLI will ask for your vault passphrase.
For private cloud and on premise users: you can connect to your private deployment of tipi.build by specifying the
TIPI_ENDPOINT
environment variable
Authentication in Continuous Integration context
On non-interactive usages of tipi
credentials can be provided by setting the following environment variables: TIPI_ACCESS_TOKEN
, TIPI_REFRESH_TOKEN
, TIPI_VAULT_PASSPHRASE
.
Authentication with a Personal Access Token on Github
tipi.build grants access to your repositories automatically during the onboarding.
However if you want to grant different access level to repositories from an organization, from another account or that weren't authorized yet to use tipi.build you can add a Github Personal Access Token to your vault.
The personal access token are secured by the vault and are only used by you on your local tipi builds or by the short-lived remote build instances.
- Create a Github Personal Access Token
- Open your tipi.build secure vault
- Unlock the vault (this happens in your browser, nothing is transmitted to tipi.build)
- Add your Personal Access Token credentials by adding an additional
https://github.com
or any Github Enterprise endpoint.
Now with the tipi
cli you can refresh your authentication data with tipi connect
.
Found an error or want to add more info? Write an issue or contribute changes to this documentation at tipi-build/docs on