codevalet
/
inline-pipeline-secrets
mirror of https://github.com/codevalet/inline-pipeline-secrets
1
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
41 KiB
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Go to file
R. Tyler Croy 0b1840825b
Here be dragons 		6 years ago
assets Add an initial version of the shared library 6 years ago
vars Add an initial version of the shared library 6 years ago
.gitignore Add an initial version of the shared library 6 years ago
README.adoc Here be dragons 6 years ago

README.adoc
Escape

<html lang="en"> <head> </head>

Inline Pipeline Secrets

This is a Pipeline Shared Library which helps support the use of user-defined inline secrets from within a Jenkinsfile.

Warning

This repository hasnt had a rigorous security evaluation, use at your own risk.

Prerequisites

This Shared Library requires that the Pipeline plugin and Mask Passwords plugin installed.

Using

Decrypting Secrets

A Pipeline can use secrets similar to environment variables:

Jenkinsfile
node {
    stage('Deploy') {
        withSecrets(
            AWS_SECRET_ID: '{AQAAABAAAAAQWsBycxCz0x8ouOKJLU9OTvHdsN7kt7+6RAcV2zZJTm4=}'
        ) {
            echo "I should be deploying something with: ${env.AWS_SECRET_ID}"
        }
    }
}
Usage in Blue Ocean

Encrypting Secrets

A Pipeline can be used to offer a user interface for encrypting.

Jenkinsfile
promptUserForEncryption()

API

Note

This approach relies on Jenkins instance-specific private key which means the encrypted ciphertexts are not portable across Jenkins instances.

promptUserForEncryption()

createSecretText()

unsafeSecretAccess()

withSecrets()

Last updated 2023-03-31 15:07:10 -0700
</html>