Open tgross opened 8 years ago
Just for record, the initial implementation of doing this will be in https://github.com/joyent/product-automation (private) which we'll be using for CI/CD on Joyent.com. I'll work thru backporting that into this repo once that work is done and stable and tested.
Currently we inject secrets into the Jenkins container via environment variables in the setup script:
This blueprint can be a first use case for implementing secrets management via Vault. Although supporting secure injection for launching production containers requires the help of a scheduler, we can get away without that in the case of a one-off container like a Jenkins master. This will let us build an example workflow for secrets management that we can then enhance when Mariposa is completed.