hashicorp-vault-plugin
hashicorp-vault-plugin copied to clipboard
Q: dynamic credentials
When using dynamic credentials is there any house cleaning required (eg should it be deleted)?
` import hudson.util.Secret
import com.cloudbees.plugins.credentials.CredentialsScope import com.datapipe.jenkins.vault.credentials.VaultTokenCredential import org.apache.commons.lang.RandomStringUtils
def vaultToken="myfancytoken" def randomString = org.apache.commons.lang.RandomStringUtils.random(8, true, true) def credentialId = "vault-dyanamic-${randomString}"
VaultTokenCredential customCredential = new VaultTokenCredential( CredentialsScope.GLOBAL, credentialId, 'Vault Dynamic Credential', Secret.fromString(vaultToken) )
node { def configuration = [vaultUrl: 'https://vault.my.com:443/', vaultCredential: customCredential, engineVersion: 1]
def secrets = [
[path: 'secret/ca', engineVersion: 1, secretValues: [
[envVar: 'PASSPHRASE', vaultKey: 'passphrase'],
[envVar: 'CA', vaultKey: 'ca']]]
]
withVault([configuration: configuration, vaultSecrets: secrets]) {
sh 'echo $PASSPHRASE'
sh 'echo $CA'
}
} `