Credential used by bower on build server

2 posts, 0 answers
  1. Enoch
    Enoch avatar
    3 posts
    Member since:
    Jun 2015

    Posted 28 Apr Link to this post

    Hi, we are using Jenkins to build our project, in which bower will be invoked to install dependencies including Kendo UI professional. Regarding the credentials... I see the options are: 1) in bower.json, have something like "kendo-ui": "https://<user>:<pwd>@bower.telerik.com/bower-kendo-ui.git#~2016.1.412", or 2) have the <user>:<pwd> stored in _netrc (windows) or some plugin ( this option unfortunately does not work currently in our Jenkins, the build always suspends when starting to authenticate against kendo repository). Both options expose the credential to some extent.

    The problem is, we can't really have a "build user" for downloading Kendo on the build server, as we would then have to pay for yet another license, or one of our developer's personal subscription accounts would have to be used. That sounds a bit weird. Is there any token, "API Key" or similar concept? If username/password is the only way to let bower download Kendo, any suggestions on how that should be done on Jenkins?

  2. Petyo
    Admin
    Petyo avatar
    2438 posts

    Posted 02 May Link to this post

    Hello,

    The API key or token approach is the way to go, indeed. Our infrastructure team is considering this implementation, but we don't provide such offering for the moment. 

    Apart from that, the _netrc file should work as expected. For added security, you may change the file permissions, so that it is readable only by the jenkins user. 

    Regards,
    Petyo
    Telerik
     
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
     
  3. Kendo UI is VS 2017 Ready
Back to Top