Story #3897

Updated by Tim Pierce about 5 years ago

The usual method by which a client authenticates to Arvados is via the ARVADOS_API_HOST, ARVADOS_API_TOKEN and ARVADOS_API_HOST_INSECURE environment variables. There are some drawbacks to this method: e.g. the environment variables have to be set each time a user logs in, a program can authenticate to only one Arvados instance at a time, users cannot easily manage authentication credentials for multiple Arvados instances, etc.

It would help here to have a mechanism that is shared by any CLI tool using the Python or Ruby SDKs, permitting credential management for multiple Arvados instances in a consistent and convenient way.

There are several possibilities:
* Clients could use @$HOME/.config/arvados/instance.conf@ as a source of authentication tokens (the approach currently taken by @arv-copy@)
* Environment variables could be named for their parent instance, e.g.:
** @ARVADOS_API_HOST_QR1HI=qr1hi.arvadosapi.com@
** @ARVADOS_API_TOKEN_QR1HI=....@

The goal of this story is to choose an authentication mechanism that clients can use consistently across tools, and that is supported and documented properly by the doc site and Workbench.

Back