Pipelin pulling repository from encrypted cloud build

[PaoloAtRebelpug]

Describe your use-case which is not covered by existing documentation.

I am trying to make a pipeline in jenkins to build our game. The repository is in the cloud and encrypted and I am looking a way to pass down the encryption key. What would be the corrent approach?

This is our testing pipeline

pipeline {
    agent any
    stages {
        stage('Build') {
            agent {
                docker {
                    image 'unityci/editor:ubuntu-2021.3.0f1-windows-mono-1.0.1'
                    reuseNode true
                }
            }
            steps {
                cm(
                    branch: '/main/dev',
                    repository: 'RepositoryName',
                    server: 'RepositoryName@cloud',
                    cleanup: 'STANDARD',
                    directory: 'Directory',
                    workingMode: 'LDAP',
                    credentialsId: 'id-plasticscm'
                )
                sh 'ls /Directory/'
            }
        }
    }
}

Reference any relevant documentation, other materials or issues/pull requests that can be used for inspiration.

No response

[mig42]

Hi @PaoloAtRebelpug ! Unfortunately, the plugin does not currently support specifying the encryption key as a configuration setting. We're aware of it, and it might require changes in the Plastic SCM command line client (cm).

You could manually upload the key file and configure the cryptedservers.conf file in the agent machine, but this more difficult to achieve (if possible at all) with a setup like yours, using docker containers.

[PaoloAtRebelpug]

Hello @mig42,

Thanks for the explanation!

I looked into the idea of passing the cryptedservers.conf, do you, by any change, knows where it should be copied to in a amazon Linux ami? sadly working on windows myself.

Thanks, Paolo

[mig42]

Sure! If this is possible for you, you need to upload the key file (the file that actually contains the encryption key) to any path in the machine, and then prepare the cryptedservers.conf with these contents

myOrg@cloud /path/to/my/encryption.key

Replace myOrg with your organization name and /path/to/my/encryption.key with the path you chose for the key file.

Then, place that file in $HOME/.plastic4/cryptedservers.conf for the user that will run the Jenkins agent. Alternatively, you can place in the same directory as the cm executable. It's /opt/plasticscm5/client by default in Linux, but you can also display it if you run cm location.

Hope this helps!

[PaoloAtRebelpug]

It works thanks!

[PaoloAtRebelpug]

Hello Miguel,

Thanks for the explanation!

I looked into the idea of passing the cryptedservers.conf, do you, by any change, knows where it should be copied to in a amazon Linux ami? sadly working on windows myself.

Thanks, Paolo

On Tue, 19 Apr 2022, 08:57 Miguel, @.***> wrote:

Hi @PaoloAtRebelpug https://github.com/PaoloAtRebelpug ! Unfortunately, the plugin does not currently support specifying the encryption key as a configuration setting. We're aware of it, and it might require changes in the Plastic SCM command line client (cm).

You could manually upload the key file and configure the cryptedservers.conf file in the agent machine, but this more difficult to achieve (if possible at all) with a setup like yours, using docker containers.

— Reply to this email directly, view it on GitHub https://github.com/jenkinsci/plasticscm-plugin/issues/48#issuecomment-1102238580, or unsubscribe https://github.com/notifications/unsubscribe-auth/ATWVRWKHT5CEVGRVISFJYU3VFZRPPANCNFSM5TUKTDPA . You are receiving this because you were mentioned.Message ID: @.***>

[mig42]

Hi Paolo,

As cryptedservers.conf is a client configuration file, you can place it anywhere client configuration files can live. For Linux, that means:

• Directory .plastic4 under the user's $HOME (i.e. $HOME/.plastic4/cryptedservers.conf)
  • This is the recommended configuration, as it doesn't require special permissions to edit the file and it only applies to that user
  • I believe this would be /home/ec2-user/.plastic4/cryptedservers.conf for Amazon Linux AMIs, but I'm not 100% sure
• Installation directory for binaries
  • If you installed from packages, that's /opt/plasticscm5/client/cryptedservers.conf

Does this answer your question?

Cheers, Miguel

[PaoloAtRebelpug]

Hi Micheal,

I think something went wrong in github, didn't make that comment now, it was a comment made on the 19th of April (above).

Thanks anyway for the reply :D Have a nice day!