> ## Documentation Index
> Fetch the complete documentation index at: https://mintlify.hoop.dev/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Git

> Access git servers securely through Hoop using SSH. This integration enables secure git operations, repository management, and git server resource access through the Hoop proxy with complete audit trails and access controls. Works with GitHub, GitLab, Gitea, Forgejo, and any SSH-based git server.

export const ConnectionTemplate = ({config}) => {
  const defaultConfig = {
    name: "Connection",
    description: "Connection description",
    coverImage: "",
    features: {
      tlsTerminationProxy: {
        native: false,
        oneOff: false
      },
      audit: {
        native: false,
        oneOff: false
      },
      dataMaskingGoogleDLP: {
        native: false,
        oneOff: false
      },
      dataMaskingMSPresidio: {
        native: false,
        oneOff: false
      },
      guardrails: {
        native: false,
        oneOff: false
      },
      credentialsOffload: {
        native: false,
        oneOff: false
      },
      interactiveAccess: {
        native: false,
        oneOff: false
      }
    }
  };
  const finalConfig = Object.assign({}, defaultConfig, config);
  const renderIcon = enabled => {
    return enabled ? <Icon icon="check" /> : <Icon icon="xmark" />;
  };
  return <div>
      <h2>Before you start</h2>
      <p>To get the most out of this guide, you will need to:</p>
      <ul>
        <li>Either <a href="https://use.hoop.dev">create an account in our managed instance</a> or <a href="/getting-started/installation/overview">deploy your own hoop.dev instance</a></li>
        <li>You must be your account administrator to perform the following commands</li>
      </ul>

      {finalConfig.requirements && <>
          <h2>Requirements</h2>
          <p>{finalConfig.requirements.description}</p>
          {finalConfig.requirements.items && <ul>
            {finalConfig.requirements.items.map(item => <li>{item}</li>)}
          </ul>}
        </>}

      <h2>Features</h2>
      <p>The table below outlines the features available for this type of connection.</p>

      <ul>
        <li><strong>Native</strong> - Accessible via a native connection using hoop as proxy protocol to the resource.</li>
        <li><strong>One Off</strong> - This term refers to accessing the resource from Hoop Web Console.</li>
      </ul>

      <table>
        <thead>
          <tr>
            <th>Feature</th>
            <th>Native</th>
            <th>One Off</th>
            <th>Description</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td>TLS Termination Proxy</td>
            <td>{renderIcon(finalConfig.features?.tlsTerminationProxy?.native)}</td>
            <td>{renderIcon(finalConfig.features?.tlsTerminationProxy?.oneOff)}</td>
            <td>The local proxy terminates the connection with TLS, enabling the connection with the remote server to be TLS encrypted.</td>
          </tr>
          <tr>
            <td>Audit</td>
            <td>{renderIcon(finalConfig.features?.audit?.native)}</td>
            <td>{renderIcon(finalConfig.features?.audit?.oneOff)}</td>
            <td>The gateway stores and audits the queries being issued by the client.</td>
          </tr>
          <tr>
            <td>Data Masking (Google DLP)</td>
            <td>{renderIcon(finalConfig.features?.dataMaskingGoogleDLP?.native)}</td>
            <td>{renderIcon(finalConfig.features?.dataMaskingGoogleDLP?.oneOff)}</td>
            <td>A policy can be enabled to mask sensitive fields dynamically when performing queries in the database.</td>
          </tr>
          <tr>
            <td>Data Masking (MS Presidio)</td>
            <td>{renderIcon(finalConfig.features?.dataMaskingMSPresidio?.native)}</td>
            <td>{renderIcon(finalConfig.features?.dataMaskingMSPresidio?.oneOff)}</td>
            <td>A policy can be enabled to mask sensitive fields dynamically when performing queries in the database.</td>
          </tr>
          <tr>
            <td>Guardrails</td>
            <td>{renderIcon(finalConfig.features?.guardrails?.native)}</td>
            <td>{renderIcon(finalConfig.features?.guardrails?.oneOff)}</td>
            <td>An intelligent layer of protection with smart access controls and monitoring mechanisms.</td>
          </tr>
          <tr>
            <td>Credentials Offload</td>
            <td>{renderIcon(finalConfig.features?.credentialsOffload?.native)}</td>
            <td>{renderIcon(finalConfig.features?.credentialsOffload?.oneOff)}</td>
            <td>The user authenticates via SSO instead of using database credentials.</td>
          </tr>
          <tr>
            <td>Interactive Access</td>
            <td>{renderIcon(finalConfig.features?.interactiveAccess?.native)}</td>
            <td>{renderIcon(finalConfig.features?.interactiveAccess?.oneOff)}</td>
            <td>Interactive access is available when using an IDE or connecting via a terminal to perform analysis exploration.</td>
          </tr>
        </tbody>
      </table>

      {finalConfig.resourceConfiguration?.credentials && <>
      <h2>Configuration</h2>
      <table>
        <thead>
          <tr>
            <th>Name</th>
            <th>Type</th>
            <th>Required</th>
            <th>Description</th>
          </tr>
        </thead>
        <tbody>
          {Object.entries(finalConfig.resourceConfiguration.credentials).map(([key, credential]) => {
    if (typeof credential === 'string' || credential.hidden) return null;
    return <tr key={key}>
                <td>{credential.name}</td>
                <td>{credential.type}</td>
                <td>{credential.required ? 'yes' : 'no'}</td>
                <td>
                  {credential.description?.split(/(\[[^\]]+\]\([^)]+\))/).map((part, index) => {
      const linkMatch = part.match(/\[([^\]]+)\]\(([^)]+)\)/);
      if (linkMatch) {
        return <a key={index} href={linkMatch[2]} target="_blank" rel="noopener noreferrer">{linkMatch[1]}</a>;
      }
      return part;
    })}
                </td>
              </tr>;
  }).filter(Boolean)}
        </tbody>
      </table>
      </>}
    </div>;
};

<ConnectionTemplate
  config={{
"id": "git",
"name": "Git",
"description": "Access git servers securely through Hoop using SSH. This integration enables secure git operations, repository management, and git server resource access through the Hoop proxy with complete audit trails and access controls. Works with GitHub, GitLab, Gitea, Forgejo, and any SSH-based git server.",
"category": "infrastructure-access",
"icon-name": "git",
"tags": [
"git",
"scm",
"security",
"cli"
],
"overview": {
"description": "Access git servers securely through Hoop using SSH. This integration enables secure git operations, repository management, and git server resource access through the Hoop proxy with complete audit trails and access controls. Works with GitHub, GitLab, Gitea, Forgejo, and any SSH-based git server."
},
"setupGuide": {
"accessMethods": {
  "webapp": false,
  "cli": true,
  "native": true,
  "runbooks": false
}
},
"resourceConfiguration": {
"type": "application",
"subtype": "git",
"credentials": [
  {
    "name": "HOST",
    "type": "env-var",
    "required": true,
    "description": "The git server SSH host address (e.g., github.com, gitlab.com, gitea.example.com)",
    "placeholder": "github.com"
  },
  {
    "name": "USER",
    "type": "env-var",
    "required": true,
    "description": "The git server SSH user (typically 'git' for most servers)",
    "placeholder": "git"
  },
  {
    "name": "AUTHORIZED_SERVER_KEYS",
    "type": "env-var",
    "required": true,
    "description": "The private SSH key for authenticating with the git server. Must be registered with your git server account.",
    "placeholder": "Enter your git server SSH private key"
  }
]
},
"documentationConfig": {
"path": "quickstart/cloud-services/git"
},
"features": {
"tlsTerminationProxy": {
  "native": true,
  "oneOff": false
},
"audit": {
  "native": true,
  "oneOff": false
},
"dataMaskingGoogleDLP": {
  "native": false,
  "oneOff": false
},
"dataMaskingMSPresidio": {
  "native": false,
  "oneOff": false
},
"guardrails": {
  "native": false,
  "oneOff": true
},
"credentialsOffload": {
  "native": true,
  "oneOff": false
},
"interactiveAccess": {
  "native": true,
  "oneOff": false
}
}
}}
/>

## SSH Key Setup

To access git servers through Hoop, you need an SSH key registered with your git server account. This works with GitHub, GitLab, Gitea, Forgejo, and any SSH-based git server.

### Generate SSH Key (if you don't have one)

```sh theme={"dark"}
ssh-keygen -t rsa -b 4096 -f ~/.ssh/git_key -N ""
```

### Register Key with Your Git Server

**GitHub:**

* Go to GitHub Settings → SSH and GPG keys → New SSH key
* Paste your public key
* Give it a name (e.g., "Git Access")
* Click "Add SSH key"

**GitLab:**

* Go to GitLab Settings → SSH Keys
* Paste your public key
* Set expiration date if needed
* Click "Add key"

**Gitea/Forgejo:**

* Go to Settings → SSH/GPG Keys
* Click "Add Key"
* Paste your public key

### Display Your Public Key

```sh theme={"dark"}
cat ~/.ssh/git_key.pub
```
