= Inline Pipeline Secrets

This is a link:https://jenkins.io/doc/book/pipeline/shared-libraries[Pipeline
Shared Library] which helps support the use of user-defined inline secrets from
within a `Jenkinsfile`.

[WARNING]
====
This repository hasn't had a rigorous security evaluation, use at your own risk.
====

== Prerequisites

This Shared Library requires that the
link:https://plugins.jenkins.io/workflow-aggregator[Pipeline plugin] and
link:https://plugins.jenkins.io/mask-passwords[Mask Passwords plugin]
installed.


== Using

=== Decrypting Secrets

A Pipeline can use secrets similar to environment variables:

.Jenkinsfile
[source,groovy]
----
node {
    stage('Deploy') {
        withSecrets(
            AWS_SECRET_ID: '{AQAAABAAAAAQWsBycxCz0x8ouOKJLU9OTvHdsN7kt7+6RAcV2zZJTm4=}'
        ) {
            echo "I should be deploying something with: ${env.AWS_SECRET_ID}"
        }
    }
}
----

image::https://raw.githubusercontent.com/CodeValet/inline-pipeline-secrets/master/assets/with-screenshot.png[Usage in Blue Ocean]

=== Encrypting Secrets

A Pipeline can be used to offer a user interface for encrypting.

.Jenkinsfile
[source,groovy]
----
promptUserForEncryption()
----

== API


[NOTE]
====
This approach relies on Jenkins instance-specific private key which
means the encrypted ciphertexts are not portable across Jenkins instances.
====

`promptUserForEncryption()`

`createSecretText()`

`unsafeSecretAccess()`

`withSecrets()`