I have a registry set up on my nucleus server and I have an extension published there. To be able to access the registry I need to login to the nucleus.
This works fine. But I obviously do not want my username + password in my code.
I’ve tried token interpolation, specifically ${env:NUCLEUS_USERNAME}:${env:NUCLEUS_PASSWORD} while simultaneously defining these env variables with my username and password.
I am asking about setting up nucleus authentication during the ./repo.bat build step. So far I’ve had no luck getting credentials to work without explicitly specifying them in the configuration as outlined above.
I’ve tried API tokens, but I’ve faced the same problem as with user+password.
I would not advise this approach. Build your template, then launch it, then add a nucleus connection with authentication. Those are the steps.
If you want to hard expose your log in details in the kit app, you can, but it’s not secure obviously. If it’s for you only, there is no problem. If it’s for other people, then that’s a risk.
I really do not see what you are trying to do. Keep Nucleus and the template separate. One your authorize your Nucleus server you are good for a long while.
Alternatively just don’t put your extension on Nucleus. It offers no advantage. Just put the extension folder inside the local build folder. MUCH simpler and safer.
Maybe a bit of context for what I am trying to achieve: I want to separate the development my kit app from my extensions, and thought publishing extensions on our Nucleus would make development easier, as we then don’t have to copy paste the extensions into each new app.
As outline in my initial post, the publish step works, as does adding the Nucleus as an extension registry in the kit file (and alternatively in my repo.toml if I am not mistaken), it is just that building without proper authentication then fails.
Slightly OT but a follow up question:
Just put the extension folder inside the local build folder. MUCH simpler and safer.
Are there guidelines or best practices on how to properly split the development of kit apps and extensions? I am aware there is a template repository for extensions (“kit-extension-template”), but I understand it has been deprecated in favor of kit-app-template. Am I supposed to simply put everything, multiple apps and extensions, in one big repo? Should I use git submodules?
There are many ways to decide who to organize your own development pipeline. That is a hard one to answer. It’s so individual. The main point I am making is that hard coding a private nucleus server in a kit file, just to access one extension, is much harder and more unsecure, than just copying the latest extension builds into your local build folder.
Alternatively you can still hard code in an absolute local server path for your extensions, but maybe host them on something that does not require authorization. We put on lot of stuff on the Amazon S3 cloud. Maybe something like that.