Repository authentication fails when ArgoCD cannot connect due to expired credentials, missing SSH keys, or incompatible key algorithms. Fix by verifying credentials, using personal access tokens, and updating SSH key algorithms.
ArgoCD repository authentication failure occurs when the Git repository credentials configured in ArgoCD are invalid, expired, or incompatible. This can happen with GitHub, GitLab, Bitbucket, or any private Git repository. Common causes include expired personal access tokens, deleted SSH keys, incorrect username/password combinations, or SSH key signature algorithm mismatches.
View the full error message in ArgoCD UI. Navigate to Settings > Repositories and check the repository status. Click the Failed indicator to see detailed error information.
Get detailed authentication error information from logs:
kubectl logs -n argocd -l app.kubernetes.io/name=argocd-repo-server | grep -i authCreate a GitHub personal access token (PAT) with repo scope:
1. Go to GitHub Settings > Developer settings > Personal access tokens
2. Generate new token with repo permission
3. In ArgoCD, set repository credentials:
argocd repo add https://github.com/user/repo --username your-github-username --password YOUR_PATIf using SSH, ensure your key is not RSA with SHA-1. Generate new keys:
ssh-keygen -t ed25519 -C "[email protected]"Then add to your Git provider and update ArgoCD.
Alternatively, configure SSH to allow sha1:
ssh -o PubkeyAcceptedAlgorithms=+ssh-rsa -v user@hostFor SSH authentication, add your private key:
argocd repo add [email protected]:user/repo.git --ssh-private-key-path ~/.ssh/id_ed25519Ensure the key has correct permissions: chmod 600 ~/.ssh/id_ed25519
Ensure repository URL format is correct:
- HTTPS: https://github.com/user/repo.git
- SSH: [email protected]:user/repo.git
Some providers like GitLab require .git suffix. Test connectivity:
git clone <repo-url>If using GitHub App authentication, navigate to repository Settings > Installed GitHub Apps and authorize the ArgoCD GitHub App to access your repository.
Verify credentials work before adding to application:
argocd repo test https://github.com/user/repo
argocd repo test [email protected]:user/repo.gitFor production environments, use SSH keys over HTTPS when possible - they are more secure and do not expire like tokens. Store SSH keys in Kubernetes secrets rather than directly in ConfigMaps. Consider using an external secrets operator to manage credentials. Rotate credentials regularly and monitor repository connectivity in your monitoring system. For declarative setup, ensure repository credentials are defined before repositories using them.
Failed to connect to server: connection refused (HTTP/2)
How to fix "HTTP/2 connection refused" error in Kubernetes
missing request for cpu in container
How to fix "missing request for cpu in container" in Kubernetes HPA
error: invalid configuration
How to fix "error: invalid configuration" in Kubernetes
etcdserver: cluster ID mismatch
How to fix "etcdserver: cluster ID mismatch" in Kubernetes
running with swap on is not supported
How to fix "running with swap on is not supported" in kubeadm