1.3.2.1 Local User auth
Local User auth is a primitive username/password-based auth mechanism. All users and passwords are configured statically.
In general, we recommend configuring one of the other providers instead, but for small deployments with only a few users, local user auth may be all you need.
Authentication
Local users are configured on the web node by setting the following env:
CONCOURSE_ADD_LOCAL_USER=myuser:mypass,anotheruser:anotherpassThis configures two users, myuser and anotheruser, with their corresponding passwords. The literal password can be provided, or a bcrypt hash of the password.
When local users are configured, the log-in page in the web UI will show a username/password prompt.
Local users can also log in via fly login with the --username and --password flags.
Bcrypt Hashing Passwords
Instead of passing in user passwords in plaintext, you can provide Concourse with a bcrypt hash of the passwords.
There aren't any great CLI tools for quickly hashing passwords with bcrypt. Here's a simple Go program that can do the hashing for you.
package main
import (
"fmt"
"golang.org/x/crypto/bcrypt"
)
func main() {
password := []byte("mypass")
hash, _ := bcrypt.GenerateFromPassword(password, 12)
fmt.Println(string(hash))
}Put that in a main.go then run go run main.go and it will output a hash for your password. You can run this program in the Go Playground if you want to avoid installing Go.
Hashing the passwords for the previous example, you would then set CONCOURSE_ADD_LOCAL_USER to the following:
CONCOURSE_ADD_LOCAL_USER='myuser:$2a$12$L8Co5QYhD..S1l9mIIVHlucvRjfte4tuymMCk9quln0H/eol16d5W,anotheruser:$2a$12$VWSSfrsTIisf96q7UVsvyOBbrcP88kh5CLtuXYSXGwnSnM3ClKxXu'Authorization
Local users are granted access to teams via fly set-team, using the --local-user flag:
$ fly set-team -n my-team \
--local-user some_username...or via --config for setting user roles:
roles:
- name: member
local:
users: ["some_username"]
powered by