    Version Control System Requirements

    Armor leverages Infrastructure-as-Code (IaC) to simplify the deployment and management of your security stack based on our best practices reference architecture. We provide access to these infrastructure modules and reference architecture documentation to our customers via source code repositories in GitHub.

    As an Armor customer, you may choose either to host the infrastructure code repositories in your own version control system or to have Armor manage them, either in a GitHub organization you control or in Armor’s own GitHub organization.

    This document describes the requirements for your Version Control System (VCS) if you choose to host these repositories yourself.

    Supported Providers

    Your Version Control System must support Git. Below is a list of well-known, supported providers:

    Service Account Permissions

    Armor provides two different methods of receiving updates to our infrastructure code modules and reference architecture templates, each with a different set of required permissions. These permissions may differ in each source control platform. If you need assistance, please reach out to your Armor solutions consultant, who can validate the configuration of your VCS as part of the onboarding process.

    Customer-Moderated Deployment

    For customers that wish to review changes to their environment prior to deployment, Armor can submit a pull request to your repository with any changes. This can then trigger any manual or automated review process desired.

    In this case, Armor only requires read access to your infrastructure-live and infrastructure-modules repositories and permissions to submit a pull request to both.

    Fully-Managed Deployment

    For customers that want Armor to manage the deployment of the security stack on their behalf, Armor will require the following permissions:

    • All permissions described above for customer-moderated deployments; plus

    • Create repositories (optional – these may be created in advance by the customer);

    • Manage repository permissions (scoped);

    • Manage automation routines (such as GitHub Actions, Azure DevOps Pipelines, etc.);

    • Repository write permission (scoped);

    • Force push permission (scoped);

    • Permission to create pull requests (scoped); and

    • Permission to merge pull requests (scoped).