authentication gitolite heroku-toolbelt gitosis .netrc

How does heroku ensure only app owners can git push to the heroku bare repo

Heroku has a really neat deployment mechanism. It piggybacks on a popular git tool. To deploy, all users have to do is

git push heroku master

I'm reading https://devcenter.heroku.com/articles/authentication with the hope of setting something up so I can ditch ftp and use git push to deploy updates to my non-heroku web server.

How does heroku ensure only authorized users can 'git push' to heroku?

Solution

Today, Heroku uses proprietary software which listens for TCP connections on SSH and HTTP and only understands the GIT protocol.

This means we can perform authentication easily, by inspecting the HTTP headers, or SSH private key sent when the connection is opened, and reject it if necessary.

We haven't been running gitolite for several years now.
You should be able to achieve something similar on your own server fairly easily though.
Using dokku for example.

Azure "easy auth" OpenID Connect scope
What If Session Expires While User Is Still On The Website
Remix run: Authentication succeeds on validation failures
WMS service basic authentication
How to manage user claims?
How to get the popup menu to select user certificate in Tomcat 10 server?
Enable password and unix_socket authentication for MariaDB root user?
How to consume from an eventsource API requiring auth headers?
How to display an Error message when logging in fails in Reactjs
Notify navbar of authenticated status when logged in (Angular)
Proper way to store a token retrieved client-side in nextjs 13 "App Router" version?
Signout and login not working in auth.js in Next14 with middleware and server actions
Laravel: Auth::user()->id trying to get a property of a non-object
404 page not found when running firebase deploy
.NET 8 Blazor Server - role authorization with Windows Authentication
Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
Symfony2: How to change Entity Manager just before doing login_check
JWT signature verification failing
SMAppService register() - How to detect launch at startup/login vs regular launch?
AppwriteException: User (role: guest) missing scope (account), not able to get account after creating a session
authMiddleware doesn't exist after installing clerk
Stop request in CookieAuthenticationEvents.OnValidatePrincipal after response body has been written to
Blazor Hosted WebAssembly with Keycloak and Basic Authentication Issue
How to change the app name for Firebase authentication (what the user sees)
How do I restrict Apache/SVN access to specific users (LDAP/file-based authentication)?
Unexpected authorization behaviour in a Blazor Web App with .NET 8
MongoDB: Understand createUser and db admin
Update react context without refreshing page on state update
What is the standard/modern way to use CAC/PIV card authentication in Java/Tomcat web applications?
Keycloak retrieve custom attributes to KeycloakPrincipal