Goal: Enable automation and bootstrapping of Quay deployments without a dependency on the Quay UI to interactively generate API (Application) tokens.
Background: To automate Quay via its own API, an Application must first be created in order to mint an API token with the desired scope. Today this can only be done via the Quay UI, which is a barrier to integrating Quay into automation workflows or bootstrapping a vanilla Quay deployment where UI access is not available.
Requirements:
- present a way to mint API tokens without the need for an interactive user working in the Quay UI
- sufficiently protect this way of generating API tokens based on pre-seeded identities / secrets or identities in the system
- this endpoint should be disabled by default and enabled only via the Quay config file

Issue links:
- blocks
  - RFE-8719 [RFE] Quay - Non-Human Authentication to Management API + Workload Identity (status: Waiting)
- is related to
  - RFE-8731 API tokens for boostrapping and automating Quay deployments (status: Refinement)
  - PROJQUAY-10436 (Phase 1) Programmatic OAuth Token Provisioning for Automation (status: New)
  - PROJQUAY-9755 (Phase 2) OAuth Token Visibility & Management UI (status: New)
- is triggering
  - PROJQUAY-9856 [Backend] API & Authentication for Programmatic Token Provisioning (status: New)