Skip to content

Authentication

The client can be instatiated with either a username and password, a base64-encoded HTTP Basic Access Authentication Token, or a Harbor JSON credentials file.

Username and password

Username and password (titled secret to conform with Harbor naming schemes) can be used by instantiating the client with the username and secret parameters. This is the most straight forward method of authenticating.

from harborapi import HarborAsyncClient

client = HarborAsyncClient(
    url="https://your-harbor-instance.com/api/v2.0",
    username="username",
    secret="secret"
)

In order to avoid hard-coding secrets in your application, you might want to consider using environment variables to store the username and password:

import os
from harborapi import HarborAsyncClient

client = HarborAsyncClient(
    url="https://your-harbor-instance.com/api/v2.0",
    username=os.environ["HARBOR_USERNAME"],
    secret=os.environ["HARBOR_PASSWORD"]
)

Basic access authentication aredentials

In place of username and secret, a Base64-encoded HTTP Basic Access Authentication credentials string can be used to authenticate. This string is simply username:secret encoded to Base64, and as such is not any more secure than username and password authentication; it only obscures the text.

from harborapi import HarborAsyncClient

client = HarborAsyncClient(
    url="https://your-harbor-instance.com/api/v2.0",
    basicauth="base64_basicauth_here",
)

Again, it might be pertinent to store this in your environment variables:

import os
from harborapi import HarborAsyncClient

client = HarborAsyncClient(
    url="https://your-harbor-instance.com/api/v2.0",
    basicauth=os.environ["HARBOR_BASICAUTH"],
)

Credentials file

When creating Robot accounts, the robot account's credentials can be exported as a JSON file. The credentials_file parameter takes an argument specifying the path to such a file.

from harborapi import HarborAsyncClient

client = HarborAsyncClient(
    url="https://your-harbor-instance.com/api/v2.0",
    credentials_file="/path/to/file.json", # can also be Path object
)

For simple project-level robot accounts, using the Robot Accounts tab in the web interface for a project should be sufficient. However, if you require a Robot account with privileges that go beyond the ones offered in the Web UI, such as controlling user groups and replication, managing multiple projects, starting scans, or managing the system configuration, you will need to create a system-level Robot account through the API. See Creating Privileged Robot Accounts for information about how to create system-level Robot accounts with such extended privileges using harborapi.