是否可以使用 2FA 运行 GitHub 操作?
[英]Is it possible to run a GitHub Action with a 2FA?
问题描述
I have the following scenario.
我有以下情况。 Currently a Wordpress site was hosted on an EC2 server.目前 Wordpress 站点托管在EC2服务器上。 There is no deployment strategy in place.没有适当的部署策略。 It was using the AWS CLI to deploy the data from local to the server.它使用 AWS CLI 将数据从本地部署到服务器。
Problem For various reasons, I don't want to take it over that way of deployment and am currently considering putting the deployment process into a GitHub Action.问题由于各种原因,我不想接管那种部署方式,目前正在考虑将部署过程放入 GitHub Action。 Which in itself wouldn't be a problem if it weren't for the 2FA check.如果不是2FA检查,这本身就不是问题。
Using the AWS CLI , I am forced to enter the code displayed in my MS Authenticator app into the CLI to proceed.使用AWS CLI ,我被迫将我的MS Authenticator应用程序中显示的代码输入到 CLI 中才能继续。
Question: Is it possible to deploy via GitHub Action and 2FA?问题:是否可以通过 GitHub Action 和 2FA 进行部署? I guess almost no?我想几乎没有? But what do I know?但我知道什么?
2 个解决方案
解决方案1
1 已采纳 2022-03-15 22:17:25
No, you can't have GitHub Actions prompt and enter the 2FA tokens on your behalf.不,您不能让 GitHub 操作提示并代表您输入 2FA 令牌。 But what you can do, is setup OpenID Connect between GitHub actions and AWS.但是您可以做的是在 GitHub 操作和 AWS 之间设置 OpenID Connect。
That way you can authorize GitHub Actions to make changes to specific resources in AWS and OIDC handles the magic key exchange parts to make sure it can safely do its thing.这样您就可以授权 GitHub 操作对 AWS 中的特定资源进行更改,OIDC 处理魔术密钥交换部分以确保它可以安全地执行其操作。
More info here:更多信息在这里:
解决方案2
0 2022-12-05 06:41:34
You can use the wait-for-secrets GitHub Action to use 2FA from a GitHub Actions workflow.您可以使用wait-for-secrets GitHub 操作来使用 GitHub 操作工作流中的 2FA。 Wait-for-secrets GitHub Action waits for the developer to enter secrets during a workflow run.等待机密 GitHub 操作等待开发人员在工作流运行期间输入机密。 Developers can enter secrets using a web browser and use them in the workflow.开发人员可以使用 web 浏览器输入机密,并在工作流程中使用它们。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.