Private rule feed authentication

Sublime supports multiple methods to authenticate to private rule feeds: GitHub Apps (recommended), SSH, and HTTPS.

GitHub Apps Authentication (Recommended)

GitHub Apps provide the most secure and flexible authentication method.


HTTPS URL Required for Github App Authentication

When adding a rule feed using GitHub Apps to Sublime, you must use the HTTPS URL for the repository, not the SSH URL.

❌ git@github.com:sublime-security/sublime-rules.git

✅ https://github.com/sublime-security/sublime-rules.git

Setting up GitHub Apps Authentication

  1. Install Sublime’s GitHub App: On the Sublime Account Page, scroll down to “GitHub Integration” and click Install GitHub App.
    1. Note: if someone in your organization has already installed the app, you will be able to add private feeds without any extra steps.
  2. Install the App
    • Install Sublime-Security-Integration app on your account or organization
    • Grant access to the specific repositories containing your rule feeds

Disconnect GitHub Apps Authentication

To disconnect the GitHub App from Sublime, uninstall the GitHub App on GitHub. Learn more about how to do this here.

SSH Authentication


SSH URL Required for SSH Authentication

When adding a rule feed using SSH authentication to Sublime, you must use the SSH URL for the repository, not the HTTPS URL.

✅ git@github.com:sublime-security/sublime-rules.git

❌ https://github.com/sublime-security/sublime-rules.git

Adding an SSH key

When creating an SSH key, make sure not to put a passphrase on the key, since there is no way for Sublime to enter the passphrase. Don't worry though, the key is still encrypted in transit and at rest!

GitHub

  1. Generate a new SSH key
  2. Add the new SSH key to either your GitHub account or as a deploy key for the private repository containing your feed

GitLab

  1. Generate a new SSH key
  2. Add the SSH key to your GitLab account

Known host public key

When adding a private feed via SSH authentication to Sublime, you can optionally provide a known host public key as extra protection against configuration errors and man-in-the-middle attacks. The SSH connection will fail if the key presented by the server doesn't match the key you provided.

Use ssh-keyscan to look up the public key for your Git server. For example, ssh-keyscan github.com returns GitHub's current ECDSA host key:

ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
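A key fetched with ssh-keyscan is only as trustworthy as the network you fetched it over, so before pinning it in Sublime compare its fingerprint with the one your Git provider publishes. The following added example (not Sublime's code) parses the ssh-keyscan line for the key shown above, checks that the key type embedded in the blob agrees with the declared type, and computes the OpenSSH-style SHA256 fingerprint; the expected-fingerprint argument is a placeholder you replace with the value from your provider's documentation.

```python
import base64
import hashlib
import struct

# Constructed sample: what ssh-keyscan github.com prints for the ECDSA host key
# shown on this page, in known_hosts format ("<host> <type> <base64 key>").
KEYSCAN_LINE = (
    "github.com ecdsa-sha2-nistp256 "
    "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7"
    "opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="
)


def parse_known_host_line(line):
    """Return (host, key_type, key_blob) from a known_hosts / ssh-keyscan line."""
    fields = line.strip().split()
    if len(fields) < 3:
        raise ValueError("expected '<host> <type> <base64 key>'")
    host, key_type, b64 = fields[0], fields[1], fields[2]
    blob = base64.b64decode(b64, validate=True)
    # SSH wire format: the blob starts with a length-prefixed copy of the key
    # type. If it disagrees with the declared type, the line is corrupt or edited.
    (n,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + n].decode("ascii")
    if embedded != key_type:
        raise ValueError(f"declared type {key_type!r} but blob encodes {embedded!r}")
    return host, key_type, blob


def sha256_fingerprint(blob):
    """OpenSSH fingerprint: 'SHA256:' + unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def check_host_key(line, expected_fingerprint):
    """Return (matches, fingerprint) for the key on the given line."""
    _, _, blob = parse_known_host_line(line)
    fingerprint = sha256_fingerprint(blob)
    return fingerprint == expected_fingerprint, fingerprint


if __name__ == "__main__":
    # Placeholder: substitute the ECDSA fingerprint published by your provider.
    ok, fp = check_host_key(KEYSCAN_LINE, "SHA256:<fingerprint-from-provider-docs>")
    print(f"computed {fp}; matches published fingerprint: {ok}")
```

Only pin the key in Sublime when the computed fingerprint matches the published one.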

HTTPS Authentication


HTTPS URL Required for HTTPS Authentication

When adding a rule feed using HTTPS authentication to Sublime, you must use the HTTPS URL for the repository, not the SSH URL.

❌ git@github.com:sublime-security/sublime-rules.git

✅ https://github.com/sublime-security/sublime-rules.git

HTTPS Basic Authentication allows you to authenticate using a username and password with any Git server that supports this method. We also support Personal Access Tokens for GitHub and GitLab. When using a Personal Access Token, the username is optional; when using a password, the username is required.

GitHub

  1. Create a fine-grained personal access token (recommended) or personal access token (classic)
  2. For fine-grained tokens, grant Contents: Read and Metadata: Read permissions to your rule feed repository.

When configuring your private rule feed in Sublime, use your GitHub username (optional) and enter the Personal Access Token in the password/token field.

GitLab

  1. Create a personal access token
  2. Grant the read_repository scope for read-only access to your rule feed repository

When configuring your private rule feed in Sublime, use your GitLab username (optional) and enter the Personal Access Token in the password/token field.