Private rule feed authentication

Sublime uses SSH and HTTPS to authenticate to private rule feeds.

SSH Authentication

SSH URL Required for SSH Authentication

When adding a rule feed using SSH authentication to Sublime, you must use the SSH URL for the repository.

Use the SSH URL:

git@github.com:sublime-security/sublime-rules.git

Not the HTTPS URL:

https://github.com/sublime-security/sublime-rules.git

Adding an SSH key

When creating an SSH key, do not set a passphrase (password) on the key, since Sublime has no way to enter it. Don't worry though, the key is still encrypted in transit and at rest!

GitHub

  1. Generate a new SSH key
  2. Add the new SSH key to either your GitHub account or as a deploy key for the private repository containing your feed

GitLab

  1. Generate a new SSH key
  2. Add the SSH key to your GitLab account

Known host public key

When adding a private feed via SSH Authentication to Sublime, you can optionally provide a known host public key as extra protection against configuration errors and man-in-the-middle attacks. An SSH connection will fail if the public keys don't match.

Use ssh-keyscan to look up the public key for your Git server. For example, ssh-keyscan github.com returns GitHub's current public key:

ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
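ssh-keyscan does not authenticate what it receives, so check the scanned key against the fingerprint your Git host publishes before pasting it into Sublime. The following is an added example, not Sublime's own code: the function names are hypothetical, and the key line is the one shown on this page.

```python
import base64
import hashlib
import hmac
import struct

# Key line shown on this page (type and base64 key, no host column).
PAGE_KEY_LINE = (
    "ecdsa-sha2-nistp256 "
    "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="
)


def parse_key_line(line):
    """Return (key_type, blob) from 'type base64' or 'host type base64'."""
    fields = line.split()
    # ssh-keyscan prints 'host type base64'; drop the host column if present.
    if len(fields) >= 3 and not fields[0].startswith(("ssh-", "ecdsa-", "sk-")):
        fields = fields[1:]
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-key>'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the algorithm name.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("declared key type does not match key blob")
    return key_type, blob


def sha256_fingerprint(line):
    """Fingerprint in the 'SHA256:...' form printed by ssh-keygen -l."""
    _, blob = parse_key_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def matches_published(line, published_fingerprint):
    """True only if the key hashes to the fingerprint the host publishes."""
    actual = sha256_fingerprint(line).encode()
    return hmac.compare_digest(actual, published_fingerprint.strip().encode())
```

Pass matches_published the line from ssh-keyscan and the SHA256 fingerprint copied from your Git host's documentation; only provide the key to Sublime when it returns True.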

HTTPS Authentication

HTTPS URL Required for HTTPS Authentication

When adding a rule feed using HTTPS authentication to Sublime, you must use the HTTPS URL for the repository.

Use the HTTPS URL:

https://github.com/sublime-security/sublime-rules.git

Not the SSH URL:

git@github.com:sublime-security/sublime-rules.git

HTTPS Basic Authentication allows you to authenticate using a username and password with any Git server that supports this method. We also support using Personal Access Tokens for GitHub and GitLab. With a Personal Access Token, the username is optional; with a password, the username is required.

GitHub

  1. Create a fine-grained personal access token (recommended) or personal access token (classic)
  2. For fine-grained tokens, grant Contents: Read and Metadata: Read permissions to your rule feed repository.

When configuring your private rule feed in Sublime, use your GitHub username (optional) and enter the Personal Access Token in the password/token field.

GitLab

  1. Create a personal access token
  2. Grant the read_repository scope for read-only access to your rule feed repository

When configuring your private rule feed in Sublime, use your GitLab username (optional) and enter the Personal Access Token in the password/token field.