LogoLogo
HomeBlogGitHubGet Started FreeLogin
Earthly 0.8
Earthly 0.8
  • 👋Introduction
  • 💻Install Earthly
  • 🎓Learn the basics
    • Part 1: A simple Earthfile
    • Part 2: Outputs
    • Part 3: Adding dependencies With Caching
    • Part 4: Args
    • Part 5: Importing
    • Part 6: Using Docker In Earthly
    • Part 7: Using remote runners
    • Part 8a: Using Earthly in your current CI
    • Final words
  • ⭐Featured guides
    • Rust
  • 📖Docs
    • Guides
      • Importing
      • Build arguments and variables
      • Secrets
      • Functions
      • Using Docker in Earthly
      • Multi-platform builds
      • Authenticating Git and image registries
      • Integration Testing
      • Debugging techniques
      • Podman
      • Configuring registries
        • AWS ECR
        • GCP Artifact Registry
        • Azure ACR
        • Self-signed certificates
      • Using the Earthly Docker Images
        • earthly/earthly
        • earthly/buildkitd
      • ✅Best practices
    • Caching
      • Caching in Earthfiles
      • Managing cache
      • Caching via remote runners
    • Remote runners
    • Earthfile reference
      • Builtin args
      • Excluding patterns
      • Version-specific features
    • The earthly command
    • Earthly lib
    • Configuration reference
    • Examples
    • Misc
      • Alternative installation
      • Data collection
      • Definitions
      • Public key authentication
  • 🔧CI Integration
    • Overview
    • Use the Earthly CI Image
    • Build your own Earthly CI Image
    • Pull-Through Cache
    • Remote BuildKit
    • Vendor-Specific Guides
      • GitHub Actions
      • Circle CI
      • GitLab CI/CD
      • Jenkins
      • AWS CodeBuild
      • Google Cloud Build
      • Bitbucket Pipelines
      • Woodpecker CI
      • Kubernetes
  • ☁️Earthly Cloud
    • Overview
    • Managing permissions
    • Cloud secrets
    • Earthly Satellites
      • Managing Satellites
      • Using Satellites
      • Self-Hosted Satellites
      • GitHub runners
      • Best Practices
      • Bring Your Own Cloud (BYOC)
        • AWS
          • Requirements
          • CloudFormation
          • Terraform
          • Manual
        • VPN
          • Tailscale
Powered by GitBook
On this page
  • Overview
  • Earthly org access levels
  • Managing access to an Earthly org
  • Earthly project access levels
  • Managing access to an Earthly project

Was this helpful?

Edit on GitHub
  1. Earthly Cloud

Managing permissions

This page covers managing permissions for Earthly Cloud products, such as Earthly Cloud Secrets, and Earthly Satellites.

Overview

Earthly Cloud's permissions model has two security boundaries:

  • Earthly orgs

  • Earthly projects

Users may be invited to a specific organization, and optionally to specific projects within the organization.

Earthly orgs may contain the following shared resources:

  • Satellites

  • Earthly projects

Earthly projects, in turn, may contain the following resources:

  • Secrets

  • Build history, including build logs

Earthly org access levels

Within an Earthly org, users may be granted one of the following access levels:

  • read: Can view the org, projects, and user membership. Can view, inspect, wake and build on satellites. Can also stream and share logs.

  • read+secrets: Same as read, but can also view and use secrets.

  • write: Everything in read+secrets, plus the ability to create and modify satellites, projects, and secrets.

  • admin: Can manage the org, including adding and removing users, and managing projects, secrets and satellites.

Having a certain level of access for a given org automatically grants the same level of access to all projects within that org.

Managing access to an Earthly org

To grant access to an Earthly org, you must invite the user to the org. This can be done by running:

earthly org invite --permission <access-level> <email>

If the user is already part of the org, you can change their access level by running:

earthly org member update --permission <permission> <email>

If you want to revoke access to an Earthly org, you can do so by running:

earthly org member rm <email>

Earthly project access levels

Within an Earthly project, users may be granted one of the following access levels:

  • read: Can view the project, including the build history and build logs.

  • read+secrets: Same as read, but can also view and use secrets.

  • write: Everything in read+secrets, plus the ability to create and modify secrets.

  • admin: Everything in write, plus the ability to manage the project's users.

Managing access to an Earthly project

To grant access to an Earthly project, you must invite the user to the project. This can be done by running:

earthly project --project <project-name> member add --permission <access-level> <email>

Note

You can only invite a user to a project if they are already part of the organization.

If the user is already part of the project, you can change their access level by running:

earthly project --project <project-name> member update --permission <permission> <email>

If you want to revoke access to an Earthly project, you can do so by running:

earthly project --project <project-name> member rm <email>
PreviousOverviewNextCloud secrets

Last updated 11 months ago

Was this helpful?

☁️