Git Credentials

Git Credentials are used to access Repositories. In order to have access to clone a repository that is configured in a job, you must first add your credentials to Typhoon Test Hub.

The Credentials table (Figure 1) shows the following information:

1. Name
2. Type

In the Details section, you can delete a credential by clicking on the button. A credential can only be deleted if there are no repositories connected with that credential.

By clicking on a specific credential, you can open a form that will let you edit the credential details (Figure 2).

Create credentials

A new credential can be added by clicking on the button. This will open a form that lets you add information to set up your new credential (Figure 3).

To set up a credential, you must:

1. Give it a name which will be used to refer to it throughout Typhoon Test Hub. Each name must be unique.
2. Write a description of the credential.
3. Select the type of credential:
   • Username and Password: Enter your username and password from your account. Note that different platforms have specific requirements:
     • GitHub: Username and password are no longer supported. You must use a personal access token (PAT) for authentication. Generate a PAT and use it instead of your password. For more information, visit the GitHub Authentication Documentation.
     • GitLab: You can use a personal access token (PAT) instead of your password for secure authentication. Ensure you create a PAT with the required scopes. For more details, see the GitLab Cloning Documentation.
     • Bitbucket: Use an app password for authentication. Create an app password in your Bitbucket account settings and use it instead of your regular password. For instructions, refer to the Bitbucket Documentation.
     • Azure DevOps: You can use either a personal access token (PAT) or SSH keys for authentication. For a PAT, generate one in your Azure DevOps account and use it in place of your password. For SSH, make sure your key is added to your Azure DevOps account. More details are available in the Azure DevOps Authentication Overview.
     • AWS CodeCommit: Use HTTPS with your IAM user credentials or SSH for secure access. For HTTPS, use your IAM user credentials or generated access key and secret key. For SSH, ensure your key is associated with your IAM user. Detailed instructions can be found in the AWS CodeCommit Documentation.
   • SSH Username with private key or Deploy key: Enter your username, paste the private part of your SSH key, and enter your passphrase if there is one. Be sure that there are no spaces at the end when adding a private key; to avoid this issue, it is recommended that you copy your key with the select all option and paste it directly into this input field. Also, it is important that the public part of your SSH key is added to your Git repository (if using deploy key) or account (if using SSH key).

Note on storing credentials

When Typhoon Test Hub is installed, it generates an application key and stores it in a file on the server. Each credential is encrypted before storing it to the database. This encryption uses the application key that is stored on the server with Test Hub. When a user views or edits credentials, they are fetched from the database and only the username is decrypted and sent to the frontend.

When Computers are created, a secret key is generated for each one. This secret key is used to encrypt sensitive information that is sent between Test Hub and Officer. This is why Officer is started with a secret key parameter. For example, when a job is suppose to clone a repository, Test Hub will fetch credentials from the database, decrypt them using an application key, then encrypt them using the Officer (computer) secret key and send them with the repository information to Officer. When Officer receives the repository and credentials, it decrypts them to execute the clone command and then discards the encrypted data. Once the clone command is executed, the content of the cloned repository is then used by the Agent.