Skip to main content

GitHub Authentication

Velero UI also supports authentication via GitHub using OAuth 2.0. This guide explains how to configure and enable GitHub authentication using environment variables.

Environment Variables

To enable GitHub authentication, set the following environment variables:

VariableDescription
GITHUB_AUTH_ENABLEDSet to true to enable GitHub authentication. Default is false.
GITHUB_CLIENT_IDThe client ID from your GitHub Developer Settings.
GITHUB_CLIENT_SECRETThe client secret from your GitHub Developer Settings.
GITHUB_OAUTH_SCOPEThe scope of OAuth access. Default: openid email profile.
GITHUB_REDIRECT_URIThe redirect URI after authentication. Default: http://localhost:4200/login.

Steps to Configure GitHub Authentication

  1. Create a GitHub OAuth App

    • Go to the GitHub Developer Settings.
    • Click New OAuth App.
    • Set the Homepage URL and Authorization callback URL to http://localhost:4200/login (or your production URL).
    • Copy the Client ID and Client Secret.

  2. Set Environment Variables

    • Update your environment variables with the values from GitHub.
    • Example: 
      GITHUB_AUTH_ENABLED=true
      GITHUB_CLIENT_ID=your-client-id
      GITHUB_CLIENT_SECRET=your-client-secret
      GITHUB_OAUTH_SCOPE="openid email profile" # read:org
      GITHUB_REDIRECT_URI=http://localhost:4200/login

  3. Restart Your Application

    • Restart the Velero UI to apply the changes.

RBAC

If you are using GitHub Teams for RBAC, ensure that the read:org scope is included in your OAuth app settings. This allows Velero UI to read the user's organization and team memberships.

Organization members can be granted access to Velero UI based on their GitHub team memberships.

Group syntax is organisation_name:role_in_organization, example: my-org:admin, my-org:viewer, my-org:developer.

Then refer to the RBAC documentation for further configuration.

Troubleshooting

  • Ensure that the redirect URI set in GitHub Developer Settings matches GITHUB_REDIRECT_URI.
  • Check if GITHUB_AUTH_ENABLED is set to true.
  • Inspect logs for authentication errors.
  • Verify that your GitHub OAuth credentials are correct.

Conclusion

Once configured, users will be able to sign in to Velero UI using their GitHub accounts via OAuth 2.0 authentication.