AI Workbench Integrations#

Screenshot of the Workbench integrations page in the application settings page. From left to right shows NGC, GitHub, GitLab, and an example of self-hosted GitLab.

Overview of Integrations#

Streamlining access to platforms and services like GitHub container registries requires under-the-hood implementation of different APIs and authentication methods.

Manually configuring this on a project by project basis would be very painful, so Workbench handles this through Integrations.

Integrations programmatically handle access to platforms and services to provide a uniform experience across projects and locations.

Default vs custom integrations#

  • Default Integrations are pre-configured in the Settings page and just require an authentication flow.

  • Custom Integrations require manual configuration to setup an authentication flow.

Default integrations are simple#

  • Click Connect on the card for a given service or platform in the Settings page.

  • Follow the authentication flow for the particular integration.

Custom integrations have a few more steps#

  • Create the integration by selecting the integration type and entering the required metadata.

  • Connect the integration to trigger the authentication flow.

Authentication Methods#

Supported authentication methods#

  • OAuth: Streamlined access to resources or services through token exchange.

  • Personal Access Token (PAT): Customized access based on privileges you assign to the token.

  • API Key: Similar to a PAT.

Table of integrations#

Note

The best way to understand how integrations work is to work through the exercises in the Onboarding Project.

Connecting Default Integrations#

Prerequisites and basic steps#

Prerequisites: Have an active account and be logged in to the service or platform.

Basic steps for a default integration

  1. Open AI Workbench Settings (Integration Settings).

  2. Select the Integrations page.

  3. Click Connect on the card for the integration you want to connect.

  4. Select an authentication methodand follow the flow.

Details for GitHub.com#

OAuth Flow: Easiest way to connect to GitHub.

  • Click Connect on the GitHub card in Settings, and select OAuth.

  • Click through whatever is required to connect to your GitHub account

  • Copy the code displayed in the Workbench popup and paste it into the GitHub authentication page

  • Authorize the NVIDIA GitHub App and wait for the connection to complete

Learn about OAuth apps in GitHub here.

PAT Flow: More granular control over access to your GitHub resources.

  • Create a PAT on GitHub with the following scopes:

    • repo — Full control of private repositories

    • read:org — Read access to organization membership and teams

    • user — Read access to user profile information

    • read:packages — Read access to GitHub packages

  • Click Connect to start the authentication flow and select Personal Access Token.

  • Enter your PAT and click Connect.

Details for GitLab.com#

OAuth Flow: Easiest way to connect to GitLab.

  • Click Connect on the GitLab integration card in Settings, and select OAuth.

  • Click through whatever is required to connect to your GitLab account

  • Wait for the connection to complete

PAT Flow: Grants the same access as the OAuth flow.

  • Create a PAT on GitLab with the api scope

  • Click Connect on the GitLab integration card in Settings, and select Personal Access Token.

  • Enter your PAT and click Connect.

Learn about Personal Access Tokens on GitLab here.

Details for NVIDIA NGC and nvidia.build.com#

NGC only provides API Keys for authentication. They are called Personal Keys.

  • Create a Personal Key on NGC

    • Log in to NGC and navigate to Setup > Keys/Secrets > Generate API Key.

    • Click Generate Personal Key, name it, set the expiration, and select the following services:

      • Catalog - Access to the NGC Catalog

      • Registry - Access to the NGC Container Registry

      • Build - Access to the NGC Build service

    • Click Generate Personal Key

  • Click Connect on the NGC integration card in the Workbench Settings page.

  • Enter your Personal API Key and click Connect.

Creating and Connecting Custom Integrations#

Workbench has two custom integrations: self-hosted GitLab and NVIDIA Brev.

Self-Hosted GitLab#

You can use an OAuth flow or a PAT to connect your Workbench to a self-hosted GitLab instance.

The OAuth flow requires setup for the GitLab and is deferred to Self-Hosted Gitlab.

The PAT flow is straightforward and is described here.

High-Level Steps for PAT:

  • Add a new integration of type “Self-Hosted GitLab”

  • Connect the integration using the card that appears in Settings

Detailed Steps for PAT:

  • Create a PAT on the GitLab instance (see here for how to create a PAT)

  • Click Add Integration in the Integration page in Settings.

  • Select “Self-Hosted GitLab” as the Integration Type

  • Enter a distinct Display Name and select PAT as the Authentication Method.

  • Enter the URL for your self-hosted GitLab instance and click Add.

  • Click Connect on the new integration card in Settings and enter your PAT.

NVIDIA Brev#

NVIDIA Brev is NVIDIA’s cloud aggregator platform that lets users provision and access GPU-powered cloud instances from a range of cloud providers.

For more information on setting up and using Brev with AI Workbench, see NVIDIA Brev Integration.

FAQs#

Common questions on Workbench Integrations#

Does Configuring an Integration Give NVIDIA Access to My Credentials or Accounts?#

No. NVIDIA does not get any access to your credentials or accounts.

Configuring an integration just provides the Desktop App installed on your laptop with the necessary permissions to authenticate to the given platform or service.

In addition, the Desktop App does not have any telemetry of any kind, so there is no way that any of your information would be passed back to NVIDIA.

You can revoke this access at anytime by disconnecting the integration.

What Kind of Access Workbench Actually Need to my GitHub or GitLab Resources in Order to Manage Projects?#

Workbench needs full API access to manage repositories on your behalf, including creating, modifying, and pushing changes to both public and private repositories. GitHub does not offer a more granular PAT scope that allows write access for creating repositories.

If I use a PAT or API Key as the Authentication Mechanism, How Does AI Workbench Store It?#

AI Workbench stores and uses credentials for integrations when connected. By default, all credentials are stored and encrypted at rest using the host system’s secret storage that is tied to your login.

On macOS, credentials are stored in the Keychain. On Windows, they are stored using the Windows Credentials API. On Linux, credentials are stored using the dbus secret service, which is gnome-keyring by default with Ubuntu.

This ensures that your credentials are secure and protected, while still being easily accessible when needed.

How Does Workbench Pass Credentials to a Location?#

When you start a location using the desktop app or CLI, the associated Workbench service is started and your credentials are pushed into memory for use by the service.

Depending on your container runtime, AI Workbench may write a temporary file or act as a credential helper to provide credentials to the runtime. If written to a file, the file is removed at service stop.

When using Git with AI Workbench, your credentials are provided to Git via a custom credential helper. This keeps your credentials safe and secure, without the need to store them on the file system.

Can I Use the CLI to Connect an Integration?#

Yes. This has two steps. First you create the integration, and then you connect it to trigger the authentication flow.

  1. Run the following command to start the interactive integration setup:

    nvwb create integration
    
  2. Select the particular integration you want to connect and hit Enter.

  3. Enter the required details as prompted.

  4. Once setup is complete, AI Workbench lists all configured integrations. Verify that your new integration appears.

  5. To connect to the integration, run:

    nvwb connect integration <integration name>
    

How Do I Disconnect an Integration?#

  1. Open AI Workbench Settings (:ref:settings-integrations).

  2. Select the Integrations page.

  3. Click Disconnect on the integration card you want to remove

Do I Need an NGC API Key to Use Workbench?#

No. The default containers used for project creation are ungated, so you don’t need an API key to use them.

However, you do need an NGC API Key if you want to use the following from build.nvidia.com: