Skip to content
This repository has been archived by the owner on Jan 2, 2019. It is now read-only.

Shared Library for embedding secrets inside a Jenkinsfile

Notifications You must be signed in to change notification settings

CodeValet/inline-pipeline-secrets

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Inline Pipeline Secrets

This is a Pipeline Shared Library which helps support the use of user-defined inline secrets from within a Jenkinsfile.

Warning

This repository hasn’t had a rigorous security evaluation, use at your own risk.

Prerequisites

This Shared Library requires that the Pipeline plugin and Mask Passwords plugin installed.

Using

Decrypting Secrets

A Pipeline can use secrets similar to environment variables:

Jenkinsfile
node {
    stage('Deploy') {
        withSecrets(
            AWS_SECRET_ID: '{AQAAABAAAAAQWsBycxCz0x8ouOKJLU9OTvHdsN7kt7+6RAcV2zZJTm4=}'
        ) {
            echo "I should be deploying something with: ${env.AWS_SECRET_ID}"
        }
    }
}
Usage in Blue Ocean

Encrypting Secrets

A Pipeline can be used to offer a user interface for encrypting.

Jenkinsfile
promptUserForEncryption()

API

Note

This approach relies on Jenkins instance-specific private key which means the encrypted ciphertexts are not portable across Jenkins instances.

promptUserForEncryption()

createSecretText()

unsafeSecretAccess()

withSecrets()

About

Shared Library for embedding secrets inside a Jenkinsfile

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages