Password for authenticating workspaces with external services
Hey,
I'm setting up a Coder environment for an internal setup, and I'm wondering if it's possible to let a user type in a username/password for an internal service (e.g. fileshare), or access the user password with Terraform.
I thought about letting the user type in a password as a workspace parameter, but obviously that's not secretly stored, and it's even impossible to hide it in the workspace parameters as there is nothing "type = password" in the parameters.
I'm thankful for any help!
Category
Help needed
Product
Coder OSS (v2)
Platform
Linux
I recommend you look into https://coder.com/docs/v2/latest/admin/external-auth
Then your users can get authenticated with external services.
thanks, I saw that. But unfortunately, I don't have an external service that can provide authentication for everyone.
If you need an OIDC provider, I highly recommend authentik. It is super easy to set up using the env variables from Atif's link.
I use Authentik too, it's great!
Yeah. I had set up Keycloak and used that for way too long. Authentik is a dream.
@Tobias G I think https://github.com/coder/coder/issues/7087 will make your use case more accessible. We don't have this right now but it's on the roadmap.
Meanwhile a janky workaround to do this in a secure way is to store and pull username/password from a Vault. And the vault can be configured using an external auth.
GitHub
User-level secrets · Issue #7087 · coder/coder
Some users want their developers to be pre-authenticated with external providers (e.g. Artifactory) when they first create their workspace. This may be to pull data in the startup script or avoid m...
yes, this is exactly what I'm looking for!
looks very promising, thanks!
In this regard: it would actually help a lot if there was a module on the integration of sshfs, as such authentication would be easily possible with the private-public key generated for each user. Is there any plan on adding a module for that?
hey, what would you need sshfs for?
is your goal to mount a network share?
yes exactly
there isn't a module for this yet but you should already be able to do it
1. Install SSHFS within your container/vm image or within the startup script
2. (Modify your SSH configuration so that SSH uses your coder SSH key for authenticating)
3. Launch SSHFS within the startup script as a background process
you can see how the Git Commit Signing module downloads the SSH key to the machine and make use of that!
https://github.com/coder/modules/blob/main/git-commit-signing/run.sh#L20
I don't know if you HAVE to edit the SSH config or if sshfs can accept a ssh key as a parameter
you will probably want to write a script that uses the coder API to periodically download the users' ssh keys on your ssh server so you don't have to add them manually every time
thanks I'll try!
feel free to ask any questions if needed along the way
Yes. And also you are welcome to contribute an sshfs module 🙂
We would be happy to help
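The three SSHFS steps from the thread as a startup-script example, added here and not part of the original thread or of Coder's modules. It assumes the agent endpoint and `Coder-Session-Token` header used by the linked git-commit-signing module, `jq` and `sshfs` already installed in the image, and a hypothetical share and mountpoint passed as arguments; sshfs takes the key through `-o IdentityFile`, so the SSH config does not have to be edited.

```shell
#!/usr/bin/env bash
# Added example: mount a share over SSHFS from a Coder workspace startup script.
# Hypothetical names: KEY_DIR, the share (user@host:/path) and the mountpoint.
set -eu

KEY_DIR="${KEY_DIR:-$HOME/.ssh/coder-sshfs}"

# Ask the workspace agent API for the user's Coder SSH key pair (JSON).
# Endpoint and header are assumed from the git-commit-signing module.
fetch_key_json() {
  curl --silent --show-error --fail \
    --header "Coder-Session-Token: ${CODER_AGENT_TOKEN}" \
    "${CODER_AGENT_URL}api/v2/workspaceagents/me/gitsshkey"
}

# Write key material to KEY_DIR/<name>, never group/world readable.
install_key() {  # install_key <name> <key material>
  path="$KEY_DIR/$1"
  ( umask 077; mkdir -p "$KEY_DIR"; printf '%s\n' "$2" > "$path" )
  chmod 600 "$path"
  printf '%s\n' "$path"
}

# Build the sshfs -o string: explicit identity, no password prompt,
# and the server's host key must already be pinned in known_hosts.
sshfs_opts() {  # sshfs_opts <private key path>
  printf '%s' "IdentityFile=$1,IdentitiesOnly=yes,BatchMode=yes"
  printf '%s' ",StrictHostKeyChecking=yes,reconnect,ServerAliveInterval=15"
}

# sshfs detaches into the background by itself once the mount succeeds.
mount_share() {  # mount_share <user@host:/path> <mountpoint>
  json="$(fetch_key_json)"
  key="$(install_key coder "$(printf '%s' "$json" | jq -r .private_key)")"
  mkdir -p "$2"
  sshfs "$1" "$2" -o "$(sshfs_opts "$key")"
}

# Only mount when called as: script.sh mount user@host:/path /mountpoint
if [ "${1:-}" = "mount" ]; then
  mount_share "$2" "$3"
fi
```

The matching public key still has to be present in `authorized_keys` on the file server, and the server's host key in the workspace's `known_hosts`, or `BatchMode` and `StrictHostKeyChecking=yes` will make the mount fail instead of prompting.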