Added more info in docs for Vault (#462)

* Added more info in docs for Vault

* Removed misleading info about Vault
Paweł Kurek 2018-08-21 19:47:30 +02:00 committed by Ewelina Wilkosz
parent c058403b96
commit b2c73a2fc8
2 changed files with 33 additions and 3 deletions


@ -27,4 +27,36 @@ AWS_SECRET_ACCESS_KEY="[YOUR AWS SECRET ACCESS KEY]" \
SSH_PRIVATE_KEY=@/vault/file/secrets/jenkins_ssh_key
```
Essentially, anything can go into a vault, as long as it's KEY=VALUE formatted. If you work inside a docker container, the above example requires you to have the file `/vault/file/secrets/jenkins_ssh_key` exist inside the docker container.
Essentially, anything can go into a vault, as long as it's KEY=VALUE formatted. If you work inside a docker container, the above example requires you to have the file `/vault/file/secrets/jenkins_ssh_key` exist inside the docker container.
## Usage
```bash
$ vault kv get kv/jenkins/master
============= Data =============
Key Value
--- -----
operator_pass doggo
operator_userid catto
```
and use them in configuration:
```yaml
# config truncated
credentials:
system:
domainCredentials:
- credentials:
- usernamePassword:
scope: "GLOBAL"
id: "${operator_userid}"
username: "${operator_userid}"
password: "${operator_pass}"
description: "i am catto with doggo pass"
```
## Current limitations
Due to dependency on BetterCloud's [vault-java-driver](https://github.com/BetterCloud/vault-java-driver), Vault's change default KV backend from v1 to v2 and HTTP endpoints change it's currently unable to use Vault's KV v2 secret store. ([see issue on BetterCloud project](https://github.com/BetterCloud/vault-java-driver/issues/114))
Be aware which version you use as default dev Vault server, starting from 0.10, it uses KV v2. [See docs](https://www.vaultproject.io/docs/secrets/kv/kv-v2.html)
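Review bot: The YAML example's `description: "i am catto with doggo pass"` repeats the password value from the `vault kv get` output in a field that Jenkins shows in clear text, so the sample models leaking the secret it just fetched; use a neutral description such as "operator account". Setting `id: "${operator_userid}"` also makes the credential id depend on a Vault value, where a fixed literal id would be easier for jobs to reference. Under "Current limitations", the first sentence is hard to parse ("Vault's change default KV backend from v1 to v2 and HTTP endpoints change it's currently unable to use..."); say plainly that KV v2 is not supported because of the vault-java-driver dependency. The "## Usage" heading also needs a sentence before the `vault kv get` block saying that these are the keys stored at that path.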


@ -18,8 +18,6 @@ import java.util.logging.Level;
import java.util.logging.Logger;
/**
* Replaces secrets from .yaml files with the ${vault.*} prefix
*
* Requires either CASC_VAULT_USER and CASC_VAULT_PW, or CASC_VAULT_TOKEN environment variables set
* alongside with CASC_VAULT_PATH and CASC_VAULT_URL
*/
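Review bot: The Javadoc line `Replaces secrets from .yaml files with the ${vault.*} prefix` conflicts with the README example in this same commit, which references the values as `${operator_userid}` and `${operator_pass}` with no prefix. The hunk header shrinks this region from 8 lines to 6, so please confirm the prefix line is among the ones removed, and that the comment left behind still says what the class replaces and still lists the required CASC_VAULT_* variables.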