inline-pipeline-secrets/README.adoc

= Inline Pipeline Secrets

This is a link:https://jenkins.io/doc/book/pipeline/shared-libraries[Pipeline
Shared Library] which helps support the use of user-defined inline secrets from
within a `Jenkinsfile`.

[WARNING]
====
This repository hasn't had a rigorous security evaluation, use at your own risk.
====

== Prerequisites

This Shared Library requires that the
link:https://plugins.jenkins.io/workflow-aggregator[Pipeline plugin] and
link:https://plugins.jenkins.io/mask-passwords[Mask Passwords plugin]
installed.


== Using

=== Decrypting Secrets

A Pipeline can use secrets similar to environment variables:

.Jenkinsfile
[source,groovy]
----
node {
    stage('Deploy') {
        withSecrets(
            AWS_SECRET_ID: '{AQAAABAAAAAQWsBycxCz0x8ouOKJLU9OTvHdsN7kt7+6RAcV2zZJTm4=}'
        ) {
            echo "I should be deploying something with: ${env.AWS_SECRET_ID}"
        }
    }
}
----

image::https://raw.githubusercontent.com/CodeValet/inline-pipeline-secrets/master/assets/with-screenshot.png[Usage in Blue Ocean]

=== Encrypting Secrets

A Pipeline can be used to offer a user interface for encrypting.

.Jenkinsfile
[source,groovy]
----
promptUserForEncryption()
----

== API


[NOTE]
====
This approach relies on Jenkins instance-specific private key which
means the encrypted ciphertexts are not portable across Jenkins instances.
====

`promptUserForEncryption()`

`createSecretText()`

`unsafeSecretAccess()`

`withSecrets()`
Add an initial version of the shared library 2017-08-10 01:51:39 +00:00			`= Inline Pipeline Secrets`

			`This is a link:https://jenkins.io/doc/book/pipeline/shared-libraries[Pipeline`
			`Shared Library] which helps support the use of user-defined inline secrets from`
			within a `Jenkinsfile`.

Add the instance-specific caveat 2017-08-10 17:05:24 +00:00			`[WARNING]`
			`====`
Here be dragons 2017-09-06 15:52:53 +00:00			`This repository hasn't had a rigorous security evaluation, use at your own risk.`
Add the instance-specific caveat 2017-08-10 17:05:24 +00:00			`====`

Add an initial version of the shared library 2017-08-10 01:51:39 +00:00			`== Prerequisites`

			`This Shared Library requires that the`
			`link:https://plugins.jenkins.io/workflow-aggregator[Pipeline plugin] and`
			`link:https://plugins.jenkins.io/mask-passwords[Mask Passwords plugin]`
			`installed.`


			`== Using`

			`=== Decrypting Secrets`

			`A Pipeline can use secrets similar to environment variables:`

			`.Jenkinsfile`
			`[source,groovy]`
			`----`
			`node {`
			`stage('Deploy') {`
			`withSecrets(`
			`AWS_SECRET_ID: '{AQAAABAAAAAQWsBycxCz0x8ouOKJLU9OTvHdsN7kt7+6RAcV2zZJTm4=}'`
			`) {`
			`echo "I should be deploying something with: ${env.AWS_SECRET_ID}"`
			`}`
			`}`
			`}`
			`----`

Add the screenshot 2017-08-10 01:53:16 +00:00			`image::https://raw.githubusercontent.com/CodeValet/inline-pipeline-secrets/master/assets/with-screenshot.png[Usage in Blue Ocean]`

Add an initial version of the shared library 2017-08-10 01:51:39 +00:00			`=== Encrypting Secrets`

			`A Pipeline can be used to offer a user interface for encrypting.`

			`.Jenkinsfile`
			`[source,groovy]`
			`----`
			`promptUserForEncryption()`
			`----`

			`== API`

Here be dragons 2017-09-06 15:52:53 +00:00
			`[NOTE]`
			`====`
			`This approach relies on Jenkins instance-specific private key which`
			`means the encrypted ciphertexts are not portable across Jenkins instances.`
			`====`

Add an initial version of the shared library 2017-08-10 01:51:39 +00:00			`promptUserForEncryption()`

			`createSecretText()`

			`unsafeSecretAccess()`

			`withSecrets()`