codevalet
/
inline-pipeline-secrets
mirror of https://github.com/codevalet/inline-pipeline-secrets
1
0
Fork 0
Code Issues Releases Wiki Activity
4 Commits 1 Branch 0 Tags 41 KiB
Groovy 100%
Go to file
R. Tyler Croy 0b1840825b Here be dragons 2017-09-06 08:52:53 -07:00
assets Add an initial version of the shared library 2017-08-09 18:51:39 -07:00
vars Add an initial version of the shared library 2017-08-09 18:51:39 -07:00
.gitignore Add an initial version of the shared library 2017-08-09 18:51:39 -07:00
README.adoc Here be dragons 2017-09-06 08:52:53 -07:00

README.adoc

<html lang="en"> <head> </head>

Inline Pipeline Secrets

This is a Pipeline Shared Library which helps support the use of user-defined inline secrets from within a Jenkinsfile.

Warning

This repository hasnt had a rigorous security evaluation, use at your own risk.

Prerequisites

This Shared Library requires that the Pipeline plugin and Mask Passwords plugin installed.

Using

Decrypting Secrets

A Pipeline can use secrets similar to environment variables:

Jenkinsfile
node {
    stage('Deploy') {
        withSecrets(
            AWS_SECRET_ID: '{AQAAABAAAAAQWsBycxCz0x8ouOKJLU9OTvHdsN7kt7+6RAcV2zZJTm4=}'
        ) {
            echo "I should be deploying something with: ${env.AWS_SECRET_ID}"
        }
    }
}
Usage in Blue Ocean

Encrypting Secrets

A Pipeline can be used to offer a user interface for encrypting.

Jenkinsfile
promptUserForEncryption()

API

Note

This approach relies on Jenkins instance-specific private key which means the encrypted ciphertexts are not portable across Jenkins instances.

promptUserForEncryption()

createSecretText()

unsafeSecretAccess()

withSecrets()

Last updated 2024-04-20 00:00:33 UTC
</html>