Closed byjg closed 1 year ago
I’ll consider it for core. However, you can add your own custom workflow library that has an adminSecretsMap var. It would be a key-value pair which gets hidden from the console output and injected as environment variables.
For now, no immediate plans.
This extension was added so admins can add any arbitrary secrets support they like via their own groovy code.
I had to install the "Global Variable String Parameter" plugin and it worked. I can set up a variable and use it inside the .jervis.yml.
This plugin could be in the "jenkins-bootstrap-shared" project
I'd rather limit plugins to only those essential to core logic at this time. I don't see myself using that plugin. I may expand the plugins to include metrics as well.
Building your own custom fork of the bootstrapper should be fairly easy. It's just a matter of bootstrapping to the UI, installing the plugins, and then saving the installed plugins via the bootstrap scripts to generate a new dependencies.gradle.
Thanks! It helped a lot!
@byjg Adding on some context with some of my lessons learned. I’ve moved away from Jenkins credentials for most secrets in favor of either an external credential store (such as HashiCorp Vault) or ephemeral credentials. For example, I am in the process of integrating with GitHub App auth.
Here’s some of my reasons:
Using HashiCorp Vault for CI secrets, I organize them the following way (kv v2).
jenkins/<folder>
jenkins/<folder>/tag
jenkins/<folder>/<project>
jenkins/<folder>/<project>/tag
Meaning different contexts may get different secrets when ephemeral credentials are not available.
The Jervis documentation mentions "secrets". I see examples here: https://github.com/samrocketman/jervis-secrets-test
But to use this solution I have to write the secret text in the .jervis.yml. Is there any way to get Jenkins credentials directly from inside Jervis?
I imagine something like this: