mirror of
https://github.com/go-task/task.git
synced 2026-07-01 08:34:19 +00:00
feat: support self-signed certificates for remote taskfiles (#2537)
This commit is contained in:
@@ -263,6 +263,38 @@ Taskfile that is downloaded via an unencrypted connection. Sources that are not
|
||||
protected by TLS are vulnerable to man-in-the-middle attacks and should be
|
||||
avoided unless you know what you are doing.
|
||||
|
||||
#### Custom Certificates
|
||||
|
||||
If your remote Taskfiles are hosted on a server that uses a custom CA
|
||||
certificate (e.g., a corporate internal server), you can specify the CA
|
||||
certificate using the `--cacert` flag:
|
||||
|
||||
```shell
|
||||
task --taskfile https://internal.example.com/Taskfile.yml --cacert /path/to/ca.crt
|
||||
```
|
||||
|
||||
For servers that require client certificate authentication (mTLS), you can
|
||||
provide a client certificate and key:
|
||||
|
||||
```shell
|
||||
task --taskfile https://secure.example.com/Taskfile.yml \
|
||||
--cert /path/to/client.crt \
|
||||
--cert-key /path/to/client.key
|
||||
```
|
||||
|
||||
::: warning
|
||||
|
||||
Encrypted private keys are not currently supported. If your key is encrypted,
|
||||
you must decrypt it first:
|
||||
|
||||
```shell
|
||||
openssl rsa -in encrypted.key -out decrypted.key
|
||||
```
|
||||
|
||||
:::
|
||||
|
||||
These options can also be configured in the [configuration file](#configuration).
|
||||
|
||||
## Caching & Running Offline
|
||||
|
||||
Whenever you run a remote Taskfile, the latest copy will be downloaded from the
|
||||
@@ -313,6 +345,9 @@ remote:
|
||||
trusted-hosts:
|
||||
- github.com
|
||||
- gitlab.com
|
||||
cacert: ""
|
||||
cert: ""
|
||||
cert-key: ""
|
||||
```
|
||||
|
||||
#### `insecure`
|
||||
@@ -410,3 +445,36 @@ task --trusted-hosts github.com,gitlab.com -t https://github.com/user/repo.git//
|
||||
# Trust a host with a specific port
|
||||
task --trusted-hosts example.com:8080 -t https://example.com:8080/Taskfile.yml
|
||||
```
|
||||
|
||||
#### `cacert`
|
||||
|
||||
- **Type**: `string`
|
||||
- **Default**: `""`
|
||||
- **Description**: Path to a custom CA certificate file for TLS verification
|
||||
|
||||
```yaml
|
||||
remote:
|
||||
cacert: "/path/to/ca.crt"
|
||||
```
|
||||
|
||||
#### `cert`
|
||||
|
||||
- **Type**: `string`
|
||||
- **Default**: `""`
|
||||
- **Description**: Path to a client certificate file for mTLS authentication
|
||||
|
||||
```yaml
|
||||
remote:
|
||||
cert: "/path/to/client.crt"
|
||||
```
|
||||
|
||||
#### `cert-key`
|
||||
|
||||
- **Type**: `string`
|
||||
- **Default**: `""`
|
||||
- **Description**: Path to the client certificate private key file
|
||||
|
||||
```yaml
|
||||
remote:
|
||||
cert-key: "/path/to/client.key"
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user