codevalet
/
inline-pipeline-secrets
mirror of https://github.com/codevalet/inline-pipeline-secrets
1
0
Fork 0
Code Issues Releases Wiki Activity
inline-pipeline-secrets/README.adoc

1.4 KiB
Raw Permalink Blame History

<html lang="en"> <head> </head>

Inline Pipeline Secrets

This is a Pipeline Shared Library which helps support the use of user-defined inline secrets from within a Jenkinsfile.

Warning

This repository hasnt had a rigorous security evaluation, use at your own risk.

Prerequisites

This Shared Library requires that the Pipeline plugin and Mask Passwords plugin installed.

Using

Decrypting Secrets

A Pipeline can use secrets similar to environment variables:

Jenkinsfile
node {
    stage('Deploy') {
        withSecrets(
            AWS_SECRET_ID: '{AQAAABAAAAAQWsBycxCz0x8ouOKJLU9OTvHdsN7kt7+6RAcV2zZJTm4=}'
        ) {
            echo "I should be deploying something with: ${env.AWS_SECRET_ID}"
        }
    }
}
Usage in Blue Ocean

Encrypting Secrets

A Pipeline can be used to offer a user interface for encrypting.

Jenkinsfile
promptUserForEncryption()

API

Note

This approach relies on Jenkins instance-specific private key which means the encrypted ciphertexts are not portable across Jenkins instances.

promptUserForEncryption()

createSecretText()

unsafeSecretAccess()

withSecrets()

Last updated 2024-04-25 02:23:17 UTC
</html>