Description
Is your feature request related to a problem?
In our setup, we use client certificate authentication extensively. It would be very easy for us to deploy a binary cache and set up authentication the same way.
Proposed solution
- Extend nix.conf with settings for client certificate and private keys. It can be (1) global configuration with a single keypair, or (2) per substituter URL.
- Modify FileTransfer to configure the required key/cert pair in the curl request.
If my limited understanding of the codebase is correct, this would also make fetchers work with certificates, which would be a nice bonus but not required for us.
If the feature request is acceptable in principle, I am willing to implement and test it.
Alternative solutions
Alternatively, we could set up basic authentication, but it would be more painful from an identity management perspective.
Additional context
#690 which initially proposed client certificate authentication as a possible authentication mechanism.
Checklist
- checked latest Nix manual (source)
- checked open feature issues and pull requests for possible duplicates
Add 👍 to issues you find important.