to navigate

to select

to close

On this page

Client Secrets

Secure authentication for automated processes

Introduction

Client secrets provide secure authentication for non-interactive processes in IPMHub, enabling automated workflows through platforms like DevOps pipelines and GitHub Actions. These secrets allow programmatic access to IPMHub functionality while maintaining security and control over permissions.

Key Features

Role-Based Access: Assign specific permission levels (Viewer or Contributor) to control access scope
Configurable Analytics: Choose the level of analytics data collection
Managed Expiration: Set validity periods up to 24 months
Revocation Control: Immediately revoke access when needed
Security Compliance: Administrative oversight with proper role requirements

Usage and Limitations

Authentication Priority

Client secret authentication always takes precedence over interactive authentication
When using a client secret, any existing interactive session will be ignored

Multiple Secrets Support

IPM supports the use of multiple client secrets simultaneously
Each secret can have different roles and analytics settings

Supported Operations

When using client secrets, the IPM client only supports these commands:

ipm add: Add and download packages
ipm sync: Sync a whole IPM workspace
ipm status: Get the status of a IPM workspace
ipm publish: Publish new package versions
ipm info: Retrieve package information

info

Other IPM commands are not available when using client secret authentication.

Access Control

Client secrets can be assigned one of following two roles:

Viewer: Allows read-only operations such as downloading packages and workspace synchronization
Contributor: Enables package version publication in addition to viewer capabilities

Analytics Options

Each client secret can be configured with different analytics collection modes:

Disabled: No analytics data collected
Limited: Basic usage metrics only
Complete: Full usage analytics collection

Security Considerations

Client secrets expire automatically after their configured lifetime (maximum 24 months)
Once revoked, secrets cannot be reactivated
Expired secrets cannot be renewed - create new ones instead
Creation and management require Security Manager role or higher

info

Client secrets are designed for automated processes and should not be used for interactive sessions.

Managing Client Secrets

Access client secret management through:

Organizations
Select your organization
Settings
Client Secrets

Next Steps

Delete and restore Tracked Workspace

Delete and restore a Tracked …

Create Client Secret

Instructions for creating new …

Client Secrets

Introduction link

Key Features link

Usage and Limitations link

Authentication Priority link

Multiple Secrets Support link

Supported Operations link

Access Control link

Analytics Options link

Security Considerations link

Managing Client Secrets link

Next Steps link