credentials plugin
Requires credentials >= 2.2.0
All values of the form "${SOME_SECRET}" are resolved by our Secret Sources Resolver; you can read more about which sources are supported.
Since JCasC v1.42, variable expansion is supported for base64, readFileBase64 and readFile.
More variable expansion options have been added later.
Read more about the syntax.
You can also see an example below.
Sample Configuration
credentials:
  system:
    domainCredentials:
      - domain:
          name: "test.com"
          description: "test.com domain"
          specifications:
            - hostnameSpecification:
                includes: "*.test.com"
        credentials:
          - usernamePassword:
              scope: SYSTEM
              id: sudo_password
              username: root
              password: "${SUDO_PASSWORD}"
Example
jenkins:
  systemMessage: "Example of configuring credentials in Jenkins"
credentials:
  system:
    domainCredentials:
      - credentials:
          - basicSSHUserPrivateKey:
              scope: SYSTEM
              id: ssh_with_passphrase_provided
              username: ssh_root
              passphrase: ${SSH_KEY_PASSWORD}
              description: "SSH passphrase with private key file. Private key provided"
              privateKeySource:
                directEntry:
                  privateKey: "${SSH_PRIVATE_KEY}"
          # Another option passing via a file via ${readFile:/path/to/file}
          - basicSSHUserPrivateKey:
              scope: SYSTEM
              id: ssh_with_passphrase_provided_via_file
              username: ssh_root
              passphrase: "${SSH_KEY_PASSWORD}"
              description: "SSH passphrase with private key file. Private key provided"
              privateKeySource:
                directEntry:
                  privateKey: "${readFile:${SSH_PRIVATE_FILE_PATH}}" # Path to file loaded from Environment Variable
          - usernamePassword:
              scope: GLOBAL
              id: "username"
              username: "some-user"
              password: "${SOME_USER_PASSWORD}"
              description: "Username/Password Credentials for some-user"
          - string:
              scope: GLOBAL
              id: "secret-text"
              secret: "${SECRET_TEXT}"
              description: "Secret Text"
          - aws:
              scope: GLOBAL
              id: "AWS"
              accessKey: "${AWS_ACCESS_KEY}"
              secretKey: "${AWS_SECRET_ACCESS_KEY}"
              description: "AWS Credentials"
          - file:
              scope: GLOBAL
              id: "secret-file"
              fileName: "mysecretfile.txt"
              secretBytes: "${base64:${readFile:${SECRET_FILE_PATH}}}" # secretBytes requires base64 encoded content
          - file:
              scope: GLOBAL
              id: "secret-file_via_binary_file"
              fileName: "mysecretfile.txt"
              secretBytes: "${readFileBase64:${SECRET_FILE_PATH}}" # secretBytes requires base64 encoded content
          - certificate:
              scope: GLOBAL
              id: "secret-certificate"
              password: "${SECRET_PASSWORD_CERT}"
              description: "my secret cert"
              keyStoreSource:
                uploaded:
                  uploadedKeystore: "${readFileBase64:${SECRET_CERT_FILE_PATH}}" # uploadedKeystore requires BINARY base64 encoded content
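The two `secretBytes` forms and the "BINARY" note on `uploadedKeystore` only differ once the file is not plain text. The following is an added example, not JCasC code: a simplified Python model of nested `${...}` expansion which assumes that `readFile` yields UTF-8 text while `readFileBase64` encodes the raw bytes. The names `resolve` and `demo`, the sample bytes and the file name are constructed for illustration.

```python
import base64, os, tempfile

def _match(s, start):  # index of the '}' that closes the '${' at `start`
    depth, i = 0, start
    while i < len(s):
        if s.startswith("${", i):
            depth, i = depth + 1, i + 1
        elif s[i] == "}":
            depth -= 1
            if depth == 0:
                return i
        i += 1
    raise ValueError("unbalanced ${ in " + repr(s))

def _lookup(expr, env):
    """Resolve 'NAME' from env, or 'prefix:arg' after expanding arg first."""
    prefix, sep, arg = expr.partition(":")
    if sep and prefix in ("readFile", "base64", "readFileBase64"):
        arg = resolve(arg, env)
        if prefix == "base64":
            return base64.b64encode(arg.encode("utf-8")).decode("ascii")
        with open(arg, "rb") as fh:
            raw = fh.read()
        if prefix == "readFileBase64":
            return base64.b64encode(raw).decode("ascii")  # bytes kept intact
        return raw.decode("utf-8", errors="replace")  # assumed: readFile yields text
    if expr not in env:
        raise KeyError("unresolved secret reference: " + expr)
    return env[expr]

def resolve(value, env):
    """Expand ${...} inside-out; this model does not re-scan resolved values."""
    out, i = [], 0
    while (start := value.find("${", i)) != -1:
        end = _match(value, start)
        out.append(value[i:start] + _lookup(value[start + 2:end], env))
        i = end + 1
    return "".join(out) + value[i:]

def demo():
    """Constructed sample: 8 bytes shaped like a JKS header (not valid UTF-8)."""
    blob = b"\xfe\xed\xfe\xed\x00\x00\x00\x02"
    with tempfile.TemporaryDirectory() as d:
        env = {"SECRET_CERT_FILE_PATH": os.path.join(d, "keystore.jks")}
        with open(env["SECRET_CERT_FILE_PATH"], "wb") as fh:
            fh.write(blob)
        safe = resolve("${readFileBase64:${SECRET_CERT_FILE_PATH}}", env)
        lossy = resolve("${base64:${readFile:${SECRET_CERT_FILE_PATH}}}", env)
    return base64.b64decode(safe) == blob, base64.b64decode(lossy) == blob
```

In this model `demo()` returns `(True, False)`: the `readFileBase64` value decodes back to the original bytes, while the `base64` of `readFile` value does not, because the text decoding step replaces bytes that are not valid UTF-8.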
implementation note
Credentials plugin support relies on the custom adaptor components CredentialsRootConfigurator and SystemCredentialsProviderConfigurator.
Global credentials can be registered by simply not providing a domain (i.e. null).
The credentials symbol name is inferred from the implementation class's simple name, for example UsernamePasswordCredentialsImpl:
the descriptor's clazz is Credentials
we consider the Impl suffix a common pattern to flag an implementation class.
=> the symbol name is usernamePassword