jenkinsci / hashicorp-vault-plugin

Jenkins plugin to populate environment variables from secrets stored in HashiCorp's Vault.
https://plugins.jenkins.io/hashicorp-vault-plugin/
MIT License

Support for AWS Credentials #194

Open dzieciou opened 2 years ago

dzieciou commented 2 years ago

Dependencies

None

Feature Request

I am currently migrating all our credentials from Jenkins to Vault. Unfortunately, the current version of the plugin does not support populating Jenkins AWS Credentials.

Is there any PR on that?

dhs-rec commented 2 years ago

Yeah, there's Vault AWS IAM Credential, but this seems to be something completely different...

jonbrohauge commented 2 years ago

With a combination of Vault and Jenkins Configuration-as-Code, it's possible. If you start your Jenkins with these environment variables properly configured, it'll load secrets from Vault into environment variables:

CASC_VAULT_TOKEN="<TOKEN>"
CASC_VAULT_ENGINE_VERSION=<Engine version 1 or 2>
CASC_VAULT_PATHS=<path/to/jenkins-secrets>
CASC_VAULT_URL=<URL to Vault>

Official docs on the matter: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/VAULT.md

---
credentials:
  system:
    domainCredentials:
      - credentials:
          - aws:
              scope: GLOBAL
              id: "AWS"
              accessKey: "${AWS_ACCESS_KEY_ID}"
              secretKey: "${AWS_SECRET_ACCESS_KEY}"
              description: "AWS Credentials"
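
A preflight check for the workaround in the comment above, as an added example that is not part of the thread or of either plugin: it confirms that every `${...}` placeholder in the Configuration-as-Code YAML has a matching key in the Vault secret for the configured KV engine version, and that `accessKey`/`secretKey` are never literals. The function names are hypothetical, the Vault reply is constructed, and the `${NAME:-default}` and `^${NAME}` forms are assumed to be the default-value and escape syntax.

```python
import json
import re

# ${NAME} or ${NAME:-default}; "^${" is treated here as an escaped literal
# (assumption about the Configuration-as-Code placeholder syntax).
PLACEHOLDER = re.compile(r"(?<!\^)\$\{([^}:]+)(?::-([^}]*))?\}")
SENSITIVE = re.compile(r"^\s*(accessKey|secretKey)\s*:\s*(.+?)\s*$", re.M)


def secret_keys(kv_json, engine_version):
    """Key names from `vault kv get -format=json` output for KV v1 or v2."""
    data = json.loads(kv_json)["data"]
    if engine_version == 2:
        data = data["data"]  # KV v2 nests the secret under data.data
    return set(data)


def unresolved(casc_yaml, keys):
    """Placeholders with no default and no matching key in the secret."""
    return sorted({m.group(1).strip() for m in PLACEHOLDER.finditer(casc_yaml)
                   if m.group(2) is None and m.group(1).strip() not in keys})


def hardcoded(casc_yaml):
    """accessKey/secretKey fields whose value is a literal, not a placeholder."""
    return [m.group(1) for m in SENSITIVE.finditer(casc_yaml)
            if not PLACEHOLDER.search(m.group(2))]


# Constructed sample input: the YAML from the comment and a constructed KV v2 reply.
CASC = '''
credentials:
  system:
    domainCredentials:
      - credentials:
          - aws:
              scope: GLOBAL
              id: "AWS"
              accessKey: "${AWS_ACCESS_KEY_ID}"
              secretKey: "${AWS_SECRET_ACCESS_KEY}"
'''
KV2 = json.dumps({"data": {"data": {"AWS_ACCESS_KEY_ID": "x"}, "metadata": {"version": 3}}})

if __name__ == "__main__":
    print("unresolved:", unresolved(CASC, secret_keys(KV2, 2)))
    print("hard-coded:", hardcoded(CASC))
```

Reading a KV v2 reply with engine version 1 yields only the keys `data` and `metadata`, so every placeholder is reported as unresolved; that is the symptom of a wrong `CASC_VAULT_ENGINE_VERSION`.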

dhs-rec commented 2 years ago

Yes, that's the workaround I also use until this issue is fixed.

DanielBruzualRW commented 2 years ago

Any updates on this?