Skip to Content (Press Enter)
Back to Ideas
2
Like
Follow Idea
Improve Extensibility Configuration for Private Git Repositories
61Views
0Comments
New
Mobile

Problem: When setting up the Extensibility Configurations JSON for a mobile plugin, we often need to define the URL to a private Git repository.

Currently, the only way to do this securely is to:

  1. Manually construct the full URL, including the secret token (e.g., https://@github.com//.git).

  2. Place this entire string into a single Application Setting.

  3. Mark that setting as "Secret" to protect the token.

This process works, but it has a major drawback: it completely hides repository visibility. Because the entire URL is secret, no one can see which repository is being configured (the owner and repo name) without having permissions to view/edit secrets. Over time, this leads to confusion and makes the application difficult to maintain.

Proposed Solutions:

I propose two potential solutions to improve this workflow:

Solution 1: Allow Concatenation in Application Settings

Allow the value of an Application Setting to be built by concatenating other settings. This would let us define the parts visibly and keep only the token secret.

For example:

  • MyPlugin_Owner (Text, Visible): my-company

  • MyPlugin_Repo (Text, Visible): my-private-plugin

  • MyPlugin_Token (Secret, Hidden): ghp_abc123...

  • MyPlugin_FullUrl (Text): https:// + $extensibilitySettings.MyPlugin_Token + @github.com/ + $extensibilitySettings.MyPlugin_Owner + / + $extensibilitySettings.MyPlugin_Repo + .git

The Extensibility JSON would then just reference $extensibilitySettings.MyPlugin_FullUrl.

Solution 2: Create a "Git Repository" Setting Type (Ideal)

This is a more platform-native solution. Introduce a new, special "Type" for Application Settings, let's call it "Git Repository".

When a developer selects this type, the ODC portal would show a structured form instead of a single text box:

  • Git Host: (e.g., github.com)

  • Owner Name: (e.g., my-company)

  • Repository Name: (e.g., my-private-plugin)

  • Git Token: (This field would only accept a reference to another setting, like $extensibilitySettings.MySecretGitToken, ensuring the token is managed securely as a separate Secret).

Bonus Feature: Crucially, add a "Test Connection" button next to this setting in the ODC portal. This would allow the developer to instantly verify if the credentials and URL are correct before wasting 10-15 minutes on a MABS build just to see it fail with a "Permission Denied" error.

Benefits:

  • Solution 1 adds flexibility.

  • Solution 2 would dramatically improve the developer experience, maintain full security, and save countless hours of developer time lost to failed builds.

05 Nov 2025
Copy link to comment