Connecting Git to TeamCity - password protection

Hi!

We've connected TeamCity to our Git repositories using the "Password" authentication method. Is there a way to retrieve the password from a protected variable where only system administrators / privileged users have access to?

Problem: we cannot create a new TeamCity-reader user per Git repository due to licence restrictions of our Git windows server product. Therefore the single git-teamcity-reader user must have read access to all of our repositories and anybody having the password could clone any repository. Therefore we don't want to give out the password to each project, it should be a protected variable or something alike, so that the password can only be used on the TeamCity server and it is much harder (and easier to log) if somebody uses TeamCity features to clone a different repository.

What's the recommended solution to the problem?

Best regards,
Dominik

3 comments
Comment actions Permalink

Hi,

To setup what you want you need to create a VCS root on top-level project, configure URL including a parameter, for example https://github.com/username/%project_name%. Configure roles for other users not to able to administrate this project.
So users will be able to attach this VCS root to all subprojects and define %project_name% parameter, while they will have no access to password.

0
Comment actions Permalink

Thank you for your initial reply.

If I setup the root project like you described, how does one administer branch specifications, etc. in the sub projects? I don't think this is an optimal solution. Is there really no other way?

Best regards,
Dominik

0
Comment actions Permalink

You can specify branches as parameter the same as password, using parameter %branches% for example.
Feel free to create a new feature request in our tracker.

You can also use typed parameter "password". But it is not really secure and can be used inside build step, see related issue.

0

Please sign in to leave a comment.