Credentials and configurations in workspaces

Mount credentials and configurations into your workspaces so that tools such as Git, Maven, and cloud CLIs authenticate automatically without manual setup each time you start a workspace.

To do so, mount your credentials and configurations to the DevWorkspace containers in the Kubernetes cluster of your organization’s Che instance:

  • Mount your credentials and sensitive configurations as Kubernetes Secrets.

  • Mount your non-sensitive configurations as Kubernetes ConfigMaps.

If you need to allow the DevWorkspace Pods in the cluster to access container registries that require authentication, create an image pull Secret for the DevWorkspace Pods.

The mounting process uses the standard Kubernetes mounting mechanism and requires applying additional labels and annotations to your existing resources. Resources are mounted when starting a new workspace or restarting an existing one.

You can create permanent mount points for various components:

  • Maven configuration, such as the user-specific settings.xml file

  • Secure Shell (SSH) key pairs

  • Git-provider access tokens

  • Git configuration

  • AWS authorization tokens

  • Configuration files

  • Persistent storage