Add an initial version of the shared library
This commit is contained in:
commit
f68141b019
|
@ -0,0 +1,54 @@
|
|||
= Inline Pipeline Secrets
|
||||
|
||||
This is a link:https://jenkins.io/doc/book/pipeline/shared-libraries[Pipeline
|
||||
Shared Library] which helps support the use of user-defined inline secrets from
|
||||
within a `Jenkinsfile`.
|
||||
|
||||
|
||||
== Prerequisites
|
||||
|
||||
This Shared Library requires that the
|
||||
link:https://plugins.jenkins.io/workflow-aggregator[Pipeline plugin] and
|
||||
link:https://plugins.jenkins.io/mask-passwords[Mask Passwords plugin]
|
||||
installed.
|
||||
|
||||
|
||||
== Using
|
||||
|
||||
=== Decrypting Secrets
|
||||
|
||||
A Pipeline can use secrets similar to environment variables:
|
||||
|
||||
.Jenkinsfile
|
||||
[source,groovy]
|
||||
----
|
||||
node {
|
||||
stage('Deploy') {
|
||||
withSecrets(
|
||||
AWS_SECRET_ID: '{AQAAABAAAAAQWsBycxCz0x8ouOKJLU9OTvHdsN7kt7+6RAcV2zZJTm4=}'
|
||||
) {
|
||||
echo "I should be deploying something with: ${env.AWS_SECRET_ID}"
|
||||
}
|
||||
}
|
||||
}
|
||||
----
|
||||
|
||||
=== Encrypting Secrets
|
||||
|
||||
A Pipeline can be used to offer a user interface for encrypting.
|
||||
|
||||
.Jenkinsfile
|
||||
[source,groovy]
|
||||
----
|
||||
promptUserForEncryption()
|
||||
----
|
||||
|
||||
== API
|
||||
|
||||
`promptUserForEncryption()`
|
||||
|
||||
`createSecretText()`
|
||||
|
||||
`unsafeSecretAccess()`
|
||||
|
||||
`withSecrets()`
|
Binary file not shown.
After Width: | Height: | Size: 20 KiB |
|
@ -0,0 +1,7 @@
|
|||
#!/usr/bin/env groovy
|
||||
|
||||
import hudson.util.Secret
|
||||
|
||||
def call(String text) {
|
||||
return Secret.fromString(text)
|
||||
}
|
|
@ -0,0 +1,10 @@
|
|||
#!/usr/bin/env groovy
|
||||
|
||||
def call() {
|
||||
def s = input(message: 'Text',
|
||||
ok: 'Encrypt',
|
||||
parameters: [password(defaultValue: '',
|
||||
description: 'Text for encryption',
|
||||
name: 'Plain text')])
|
||||
echo "Use this encrypted value in your Jenkinsfile: ${s.encryptedValue}"
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
#!/usr/bin/env groovy
|
||||
|
||||
import hudson.util.Secret
|
||||
|
||||
def call(String cipherText) {
|
||||
return Secret.decrypt(cipherText)
|
||||
}
|
|
@ -0,0 +1,28 @@
|
|||
#!/usr/bin/env groovy
|
||||
import hudson.util.Secret
|
||||
|
||||
def call(Map ciphers, Closure body) {
|
||||
List<Map> cipherPairs = []
|
||||
/* https://issues.jenkins-ci.org/browse/JENKINS-27392 */
|
||||
List cipherEnv = []
|
||||
|
||||
body.resolveStrategy = Closure.DELEGATE_FIRST
|
||||
|
||||
ciphers.each { String key, String cipherText ->
|
||||
String plainText = Secret.decrypt(cipherText).plainText
|
||||
cipherEnv.add("${key}=${plainText}")
|
||||
cipherPairs.add([var: key,
|
||||
password: plainText])
|
||||
}
|
||||
|
||||
try {
|
||||
wrap([$class: 'MaskPasswordsBuildWrapper',
|
||||
varPasswordPairs: cipherPairs]) {
|
||||
withEnv(cipherEnv) { body.call() }
|
||||
}
|
||||
|
||||
}
|
||||
catch (java.lang.IllegalArgumentException e) {
|
||||
error 'Cannot use withSecret() without installing the Mask Passwords plugin'
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue