jenkinsci / hashicorp-vault-plugin

Jenkins plugin to populate environment variables from secrets stored in HashiCorp's Vault.
https://plugins.jenkins.io/hashicorp-vault-plugin/
MIT License

JCasC HashiCorp Vault Secret Source: Add support for space separated vault key paths in CASC_VAULT_PATHS #158

Open tsurankov opened 3 years ago

tsurankov commented 3 years ago

Feature Request

I like the idea of using HashiCorp Vault Secret Source as a secret source for credentials creation and managing secrets in JCasC configuration using helm on k8s.
At the moment the only way to set up multiple secrets is to specify them as a comma separated string, which is inconvenient if there are a lot of secrets and secrets' paths. If there are spaces between paths, then Jenkins won't start up. So the variable should be passed as a very long string:

    - name: CASC_VAULT_PATHS
      value: secret/jenkins/credentials, devops/applications/app1/password,dev/applications/app2/aws/credentials, {...}

A workaround exists: we can specify paths in double quotes like in the following example:

    - name: CASC_VAULT_PATHS
      value: 
      "\
      secret/jenkins/credentials,\
      devops/applications/app1/password,\
      dev/applications/app2/aws/credentials,\
      {...}
      "

However, it would be much clearer to have the possibility to specify paths in regular YAML format:

    - name: CASC_VAULT_PATHS
      value: >-
        secret/jenkins/credentials
        devops/applications/app1/password
        dev/applications/app2/aws/credentials
        {...}

That will result in the space separated string of value key paths:

    CASC_VAULT_PATHS=secret/jenkins/credentials devops/applications/app1/password dev/applications/app2/aws/credentials

If there was a way to specify CASC_VAULT_PATHS in both ways: as a comma separated string or as a space separated string, then it would simplify configuration a lot.

jetersen commented 3 years ago

But why? Just use YAML; it will collapse it to be comma separated.

    - name: CASC_VAULT_PATHS
      value: >-
        secret/jenkins/credentials,
        devops/applications/app1/password,
        dev/applications/app2/aws/credentials,

tsurankov commented 3 years ago

@jetersen Yes, this will collapse to a comma separated string, but with spaces after commas. Jenkins fails with this configuration:

    secret/jenkins/credentials, devops/applications/app1/password, dev/applications/app2/aws/credentials

tsurankov commented 3 years ago

I have added a regexp to parse a string that may contain spaces: https://github.com/jenkinsci/hashicorp-vault-plugin/pull/159

jetersen commented 3 years ago

This won't work, you can have spaces in the path.

tsurankov commented 3 years ago

@jetersen But the same point applies to commas, meaning you can create a Vault secret with commas in the path. It is up to the user how to use a tool.
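
The trade-off debated in this thread, as an added example (not code from the plugin, from PR #159, or from either participant): three hypothetical ways to split a `CASC_VAULT_PATHS` value, run on constructed inputs modelled on the strings quoted above. The class and method names are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class VaultPathSplit {
    // Hypothetical helpers for comparison; none of this is the plugin's parser.

    // Split on commas only and keep each piece verbatim (surrounding spaces survive).
    static List<String> strictComma(String raw) {
        return keepNonEmpty(raw.split(","), false);
    }

    // Split on commas only, then trim whitespace around each piece.
    static List<String> commaTrimmed(String raw) {
        return keepNonEmpty(raw.split(","), true);
    }

    // Split on any run of commas and/or whitespace (the behaviour requested in the issue).
    static List<String> commaOrSpace(String raw) {
        return keepNonEmpty(raw.split("[,\\s]+"), true);
    }

    static List<String> keepNonEmpty(String[] parts, boolean trim) {
        List<String> out = new ArrayList<>();
        for (String p : parts) {
            String v = trim ? p.trim() : p;
            if (!v.isEmpty()) out.add(v); // drops the empty piece a trailing comma leaves
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed inputs: YAML-folded list with commas, space separated list,
        // and a list whose first path contains a space.
        String folded = "secret/jenkins/credentials, devops/applications/app1/password,";
        String spaced = "secret/jenkins/credentials devops/applications/app1/password";
        String spaceInPath = "secret/team a/credentials,secret/jenkins/credentials";

        for (String in : new String[] {folded, spaced, spaceInPath}) {
            System.out.println("input        : [" + in + "]");
            System.out.println("strictComma  : " + strictComma(in));
            System.out.println("commaTrimmed : " + commaTrimmed(in));
            System.out.println("commaOrSpace : " + commaOrSpace(in));
        }
    }
}
```

Trimming around commas accepts the folded YAML form and keeps a path with an inner space intact, while splitting on whitespace accepts the space separated form but breaks `secret/team a/credentials` into two entries.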