reading json secrets #277

Open
chrisj-au opened this issue Jun 1, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@chrisj-au

What feature do you want to see added?

Under advanced usage within the README it suggests that multi-field credentials support isn't available yet. For us, we use key-value secrets within Secrets Manager (stored as JSON) and currently use the readJson method. While this is OK if our pipeline only needed 1-2 secrets, we however use many. It seems impractical to use withCredentials and readJson on every step that requires secrets. Additionally, making the credential string available as an env var seems to me like a fairly big security concern given that the secret could just be echoed out with printenv. Is there an alternative method for using this that I am not seeing, or is there room for an enhancement of this plugin? Thanks.

Upstream changes

No response

@chrisj-au chrisj-au added the enhancement New feature or request label Jun 1, 2023
@chriskilding
Contributor

Hi, you are correct that at the moment generic multi-field credentials (stored in JSON) are not natively supported within the plugin; you must use the readJson method instead for that.

If you just want to use the standard credential types (SSH key, username+password, certificate) however, those are supported - see the README for details.

If you use Jenkins Configuration as Code, and you really do need support for arbitrary multi-field credential types outside of the standard ones (e.g. vendor specific credentials which consist of two or more secret fields), you have another option in the form of the https://github.com/jenkinsci/aws-secrets-manager-secret-source-plugin. That plugin is the low-level counterpart of this one and works at the level of casc.yaml.

You mention that you use 'many' secrets per job - how many are you typically using? (Depending on the problem you're running into, there may potentially be a usability limitation with the withCredentials API - which would affect more credentials providers than just this one.)
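
The readJson workaround discussed above, wrapped in one helper so the JSON secret is bound and parsed once per block instead of once per step (an added example, not code from the plugin or its README). It assumes the Credentials Binding, Pipeline Utility Steps and Mask Passwords plugins are installed; `withJsonSecret`, the credential ID `app/db-json`, the field names and the database host are hypothetical.

```groovy
// Scripted-pipeline helper. Assumed plugins: Credentials Binding (withCredentials),
// Pipeline Utility Steps (readJSON), Mask Passwords (MaskPasswordsBuildWrapper).
// 'app/db-json' is a hypothetical secret-text credential whose value is a JSON
// object shaped like {"username": "...", "password": "..."} (constructed shape).

def withJsonSecret(String credentialsId, Map envToField, Closure body) {
    withCredentials([string(credentialsId: credentialsId, variable: 'RAW_JSON_SECRET')]) {
        // returnPojo yields a plain Map, which is safe to hold across pipeline steps
        def parsed = readJSON(text: env.RAW_JSON_SECRET, returnPojo: true)

        def envList = []
        def maskPairs = []
        for (envName in envToField.keySet().toList()) {
            def field = envToField[envName]
            // Fail the build instead of exporting the literal string "null"
            if (!(parsed instanceof Map) || !parsed.containsKey(field)) {
                error "Secret '${credentialsId}' has no field '${field}'"
            }
            def value = parsed[field].toString()
            envList << (envName + '=' + value)
            // withCredentials masks only the whole JSON string in the log,
            // so each extracted field has to be registered for masking too
            maskPairs << [var: envName, password: value]
        }

        wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: maskPairs]) {
            withEnv(envList) {
                body()
            }
        }
    }
}

node {
    // Map of environment variable name -> field name inside the JSON secret
    withJsonSecret('app/db-json', [DB_USER: 'username', DB_PASS: 'password']) {
        // Single quotes: the shell expands the variables, Groovy never
        // interpolates the secret values into the command string
        sh 'PGPASSWORD="$DB_PASS" psql -h db.example.internal -U "$DB_USER" -c "select 1"'
    }
}
```

Masking applies to the build log only: any step inside the block can still read the variables, so keep the block limited to the steps that need them.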

@jjaaskel

Are there any plans to support JSON-formatted AWS secrets in the near future without any tricks?

I have a JSON secret in AWS Secrets Manager which is expected to be available in Jenkins secrets (via this plugin) and used directly there by the Google Compute Engine cloud node configuration, i.e. there is no possibility of pipeline steps with readJson in between.
