Git secret is not propagated to ArgoCD #2977
-
|
I'm following Kargo's quickstart with a Kind cluster, and the first promotion gets stuck in the When I inspect the ArgoCD dashboard I see the error If I then provide the git credentials directly to ArgoCD (via |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
They are not meant to be shared in that way. You must have made your fork of the kargo-demo-gitops private? That wasn't the intention, and the quickstart may need an update to clarify this point. Assuming it had been public, Kargo needed credentials to write to the repo, but Argo CD would have required none to read from it. And this actually illustrates one of the underlying reasons that the two systems do not share secrets. Argo CD only ever needs read permissions and Kargo frequently needs write permissions. By the principle of least privilege, they ought not share or else you've given Argo CD more permissions than it requires. |
Beta Was this translation helpful? Give feedback.
-
|
I see! I was using a private repository. Thanks for clarifying 🙏 |
Beta Was this translation helpful? Give feedback.
They are not meant to be shared in that way.
You must have made your fork of the kargo-demo-gitops private? That wasn't the intention, and the quickstart may need an update to clarify this point.
Assuming it had been public, Kargo needed credentials to write to the repo, but Argo CD would have required none to read from it. And this actually illustrates one of the underlying reasons that the two systems do not share secrets. Argo CD only ever needs read permissions and Kargo frequently needs write permissions. By the principle of least privilege, they ought not share or else you've given Argo CD more permissions than it requires.