Documentation
Access Guide
Git Access
Secure Git access with SSH certificates. No more managing deploy keys or personal access tokens across repositories.
Estimated time: 10 minutes
Key Features
Certificate Auth
SSH certificates instead of deploy keys
Short-Lived Access
Credentials expire automatically
Access Auditing
Log all clone, push, and pull operations
Fine-Grained RBAC
Control access by org, repo, and action
Supported Providers
GitHub Enterprise
GitLab Self-Hosted
Bitbucket Server
Gitea / Forgejo
Azure DevOps
AWS CodeCommit
Setup Steps
1
Register Git Server
Add your Git server or repository to TigerAccess.
tacctl create -f - <<EOF
kind: git_server
metadata:
name: github-enterprise
labels:
provider: github
spec:
# GitHub Enterprise
uri: github.company.com:22
protocol: ssh
# Or GitLab
# uri: gitlab.company.com:22
# protocol: ssh
EOF2
Configure Git Access Role
Define who can access which repositories.
tacctl create -f - <<EOF
kind: role
metadata:
name: git-developer
spec:
allow:
git_labels:
provider: [github, gitlab]
# Restrict to specific orgs/groups
git_organizations: ["company", "team-*"]
options:
max_session_ttl: 12h
EOF3
Configure SSH for Git
Set up your SSH config for Git access.
# Generate SSH config
tac config --git > ~/.ssh/tigeraccess-git.conf
# Add to ~/.ssh/config
Host github.company.com
Include ~/.ssh/tigeraccess-git.conf
# Or use tac git wrapper
tac git clone git@github.company.com:org/repo.git4
Access Git Repositories
Clone and push to repositories through TigerAccess.
# Login
tac login --proxy=access.company.com
# Clone via tac wrapper
tac git clone git@github.company.com:org/repo.git
# Or use native git (after SSH config)
git clone git@github.company.com:org/repo.git
git push origin main
# List accessible repositories
tac git lsGit Access Configured
With Git access configured, you have:
- SSH certificate authentication for Git
- No deploy keys or PATs to manage
- Complete audit trail of Git operations
- Works with native git client