Skip to content
teleport-actions

GitHub Action

Teleport Auth (Application Access)

v2.0.1 Latest version

Teleport Auth (Application Access)

teleport-actions

Teleport Auth (Application Access)

Generates credentials so that your workflow can access applications protected by Teleport

Installation

Copy and paste the following snippet into your .yml file.

 
              
- name: Teleport Auth (Application Access)

              
  uses: teleport-actions/[email protected]
Learn more about this action in teleport-actions/auth-application

Choose a version


Read our Blog: https://goteleport.com/blog/

Read our Documentation: https://goteleport.com/docs/getting-started/

teleport-actions/auth-application@v2

auth-application uses Teleport Machine ID to generate credentials for accessing an application protected by Teleport.

The action has the following outputs:

  • certificate-file: the path to the client certificate to use with requests to the application.
  • key-file: the path to the private key for the client certificate to use with request to the application.

Pre-requisites:

  • Teleport 14 or above must be used. Use teleport-actions/auth-application@v1 for compatability with older versions of Teleport.
  • Teleport binaries must already be installed in the job environment.
  • The Applicatiom you wish to access must already be connected to your Teleport cluster. See https://goteleport.com/docs/application-access/getting-started/
  • You must have created a bot with a role with access to your Application and created a GitHub join token that allows that bot to join.
  • A Linux based runner.

Example usage:

on:
  workflow_dispatch: {}
jobs:
  demo-auth-application:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    steps:
      - name: Install Teleport
        uses: teleport-actions/setup@v1
        with:
          version: 14.0.0
      - name: Fetch application credentials
        id: auth
        uses: teleport-actions/auth-application@v2
        with:
          # Specify the publically accessible address of your Teleport proxy.
          proxy: tele.example.com:443
          # Specify the name of the join token for your bot.
          token: my-github-join-token-name
          # Specify the length of time that the generated credentials should be
          # valid for. This is optional and defaults to "1h"
          certificate-ttl: 1h
          # Specify the name of the application you wish to access.
          app: grafana-example
          # Enable submission of anonymous usage telemetry to Teleport.
          # See https://goteleport.com/docs/machine-id/reference/telemetry/ for
          # more information.
          anonymous-telemetry: 1
      - name: Make request
        run: curl --cert ${{ steps.auth.outputs.certificate-file }} --key ${{ steps.auth.outputs.key-file }} https://grafana-example.tele.example.com/api/users