User-specific parameters

Hey folks, neat tool. Is there any way to set up some form of "user specific parameters"? I'd like to create some key/value pairs that are tied to specific users, then access them in templates.

My use case here is that I'd like to tie user-specific values, such as git name and email, and GPG signing key for commits, to a user, and automatically set up workspaces to use these. These could alternatively be provided by users as parameters for every new workspace, but it's pretty tedious and easy to make a mistake with this approach.

This could probably be accomplished via external auth to some secret store, but this has some big downsides:

* Sending users to another application, and ensuring that values are set ahead of time
* Needing to run something heavy like Vault (AFAIK there are no lightweight secret managers out there that support OIDC auth and a web UI)

Tangentially related, is there any way to get workspace owner user claims from a template? With this I could maybe hack something together, though I'd prefer to not dump secrets into claims.

Codercord, 2w ago
Category: Help needed
Product: Coder (v2)
Platform: Linux
Logs: Please post any relevant logs/error messages.

mydudeiamhere (OP), 2w ago
Please post any relevant logs/error messages.
N/A

Ethan, 2w ago
Better support for secrets in Coder has been proposed, but I'm not sure when it'll get prioritised for development: https://github.com/coder/coder/discussions/17965. The proposal does indeed include user-level secrets.

It is possible to set up git names and emails currently, since we supply them on data.coder_workspace_owner.me (see the module implementation https://registry.coder.com/modules/coder/git-config?tab=source) - though if you need different values from that of the Coder account you may be out of luck.

As for GPG keys, coder ssh does support GPG key forwarding with the -G argument, though I'm not sure if that'd be good enough for your use case.

mydudeiamhere (OP), 7d ago
Thanks! I hit ⬆️ on the linked discussion. Unfortunately pulling this data from data.coder_workspace_owner.me isn't great for my use case, because:

* Git commit emails don't always match IdP/Coder user emails
* Some projects allow for a pseudonym (e.g. GitHub username) on commits, and others require legal name (such as those for CNCF projects), and I'd like the user to be able to choose which to apply

I'll take a look at the GPG key forwarding via coder ssh. This wouldn't solve the issue for web IDE access, but might be sufficient here. Thanks again for your help!
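
An added example, not part of the thread and not Coder's own module code: a template fragment that takes the commit identity from optional workspace parameters and falls back to the data.coder_workspace_owner.me values discussed above. The parameter names, the agent resource and the email pattern are assumptions chosen for illustration.

```hcl
terraform {
  required_providers {
    coder = { source = "coder/coder" }
  }
}

data "coder_workspace_owner" "me" {}

# Optional per-workspace overrides (hypothetical names); empty means
# "use the value from the Coder account".
data "coder_parameter" "git_name" {
  name         = "git_name"
  display_name = "Git author name"
  description  = "Leave empty to use your Coder account name."
  type         = "string"
  default      = ""
  mutable      = true
}

data "coder_parameter" "git_email" {
  name         = "git_email"
  display_name = "Git author email"
  description  = "Leave empty to use your Coder account email."
  type         = "string"
  default      = ""
  mutable      = true
  validation {
    # Accept an empty value or one address without whitespace.
    regex = "^$|^[^@[:space:]]+@[^@[:space:]]+$"
    error = "Enter a single email address or leave empty."
  }
}

locals {
  # coalesce() skips null and empty strings, so the first non-empty value wins.
  git_name = coalesce(trimspace(data.coder_parameter.git_name.value),
  data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name)
  git_email = coalesce(trimspace(data.coder_parameter.git_email.value),
  data.coder_workspace_owner.me.email)
}

# Assumed agent. Only identity strings are set here: no signing key
# material is passed through parameters or environment variables.
resource "coder_agent" "main" {
  os   = "linux"
  arch = "amd64"
  env = {
    GIT_AUTHOR_NAME     = local.git_name
    GIT_AUTHOR_EMAIL    = local.git_email
    GIT_COMMITTER_NAME  = local.git_name
    GIT_COMMITTER_EMAIL = local.git_email
  }
}
```

The override is still entered per workspace rather than stored per user, and signing keys stay on the client side, for example through the coder ssh -G forwarding mentioned in the thread.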
