jenkinsci / azure-keyvault-plugin

Jenkins plugin for Azure Keyvault
https://plugins.jenkins.io/azure-keyvault/
MIT License

Azure Key vault secrets are fetched only as "Secret text" and not other kinds #241

Closed VishnuvardhanKrishnan closed 6 months ago

VishnuvardhanKrishnan commented 6 months ago

Jenkins and plugins versions report

Environment

```text
Paste the output here
```

What Operating System are you using (both controller, and any agents involved in the problem)?

Operating system - RHEL 8
Jenkins - Docker 2.442-jdk11

Reproduction steps

I'm deploying Jenkins using Configuration as a code model.

  1. Install the plugins
    azure-credentials-ext
    azure-keyvault
    azure-sdk
  2. Add "Azure Service Principal"
  3. Add Azure Key Vault URL and credentials. Jenkins is able to fetch all the secrets successfully.

Expected Results

Jenkins should be able to fetch the secrets with different kinds of credentials, the way GCP Secrets Manager works.


Actual Results

All the secrets are fetched with the kind "Secret text".


Anything else?

I'm using the latest version of the plugin and did take a look at https://github.com/jenkinsci/azure-keyvault-plugin/issues/42 and https://github.com/jenkinsci/azure-keyvault-plugin/issues/45. I'm not sure if I missed any specific configuration.

Also from the plugin documentation, it is not clear from where the password is being fetched.

```yaml
jenkins:
  securityRealm:
    local:
      allowsSignup: false
      users:
      - id: "foo"
        password: "${my-password}"
```

Are you interested in contributing a fix?

No response

timja commented 6 months ago

What secret types are you after?

There's a few types supported: https://github.com/jenkinsci/azure-keyvault-plugin#azure-key-vault-credentials-provider

VishnuvardhanKrishnan commented 6 months ago

> What secret types are you after?
>
> There's a few types supported: https://github.com/jenkinsci/azure-keyvault-plugin#azure-key-vault-credentials-provider

  • `string` - Secret text
  • `username` - Username with password
    • add a tag `username` for the username of the credential
  • `sshUserPrivateKey` - SSH Private key
    • add a tag `username` for the username of the credential
    • (optional) add a tag `username-is-secret` and set it to `true` to hide the username in the build logs

@timja - Thank you. I'm after all the secret types. The Azure Key Vault plugin successfully fetches the secrets, but only stores them as "Secret text". To store the credentials with other types, is there any specific configuration or tagging needed? I'm not able to find documentation on how to use a specific secret type with the plugin.

Any specific documentation or configuration would help.

timja commented 6 months ago

Search `--tags` on https://github.com/jenkinsci/azure-keyvault-plugin#azure-key-vault-credentials-provider

As mentioned before, the above 3 are supported.
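
As an added example (not part of this thread and not the plugin's own code): a small shell helper that builds the `--tags` arguments for the three kinds listed above and passes them to `az keyvault secret set`. It assumes the plugin selects the credential kind from a tag named `type`, as its README describes, and that the `username` tag is mandatory for the two non-string kinds; the function names, vault, secret and file names are hypothetical. The value is read with `--file` so it stays out of the process list and shell history.

```shell
#!/bin/sh
# Added example. Assumption: the credentials provider reads the kind from a
# Key Vault tag named "type" (string | username | sshUserPrivateKey).

# kv_tags KIND [USERNAME] [USERNAME_IS_SECRET]
# Prints the space-separated tag list for one supported kind.
kv_tags() {
  kind="$1"; user="${2:-}"; hide="${3:-false}"
  case "$kind" in
    string)
      echo "type=string" ;;
    username|sshUserPrivateKey)
      if [ -z "$user" ]; then
        echo "kind '$kind' needs a username tag" >&2
        return 2
      fi
      tags="type=$kind username=$user"
      # Optional tag from the list above: hides the username in build logs.
      if [ "$hide" = true ]; then
        tags="$tags username-is-secret=true"
      fi
      echo "$tags" ;;
    *)
      echo "unsupported kind '$kind'" >&2
      return 1 ;;
  esac
}

# kv_set VAULT NAME KIND VALUE_FILE [USERNAME] [USERNAME_IS_SECRET]
# Stores the secret with the tags that select its Jenkins credential kind.
# Set DRY_RUN=1 to print the az command instead of calling Azure.
kv_set() {
  vault="$1"; name="$2"; file="$4"
  tag_list=$(kv_tags "$3" "${5:-}" "${6:-false}") || return
  # tag_list is intentionally unquoted: each key=value is one --tags argument
  # (usernames containing spaces are not supported by this helper).
  ${DRY_RUN:+echo} az keyvault secret set --vault-name "$vault" \
    --name "$name" --file "$file" --tags $tag_list
}

# Usage (constructed names):
#   kv_set my-vault github-pat username ./pat.txt github-user
#   kv_set my-vault deploy-key sshUserPrivateKey ./id_ed25519 deploy true
```

Secrets stored without these tags keep showing up as "Secret text", which matches the behaviour reported in this issue.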

VishnuvardhanKrishnan commented 6 months ago

Thank you.