hashicorp-vault-plugin icon indicating copy to clipboard operation
hashicorp-vault-plugin copied to clipboard

Published 20 hours ago verified publisher icon jenkinsci

Q: dynamic credentials

Open wolstena opened this issue 3 years ago • 0 comments

When using dynamic credentials is there any house cleaning required (eg should it be deleted)?

` import hudson.util.Secret

import com.cloudbees.plugins.credentials.CredentialsScope import com.datapipe.jenkins.vault.credentials.VaultTokenCredential import org.apache.commons.lang.RandomStringUtils

def vaultToken="myfancytoken" def randomString = org.apache.commons.lang.RandomStringUtils.random(8, true, true) def credentialId = "vault-dyanamic-${randomString}"

VaultTokenCredential customCredential = new VaultTokenCredential( CredentialsScope.GLOBAL, credentialId, 'Vault Dynamic Credential', Secret.fromString(vaultToken) )

node { def configuration = [vaultUrl: 'https://vault.my.com:443/', vaultCredential: customCredential, engineVersion: 1]

def secrets = [
    [path: 'secret/ca', engineVersion: 1, secretValues: [
        [envVar: 'PASSPHRASE', vaultKey: 'passphrase'],
        [envVar: 'CA', vaultKey: 'ca']]]
]

withVault([configuration: configuration, vaultSecrets: secrets]) {
    sh 'echo $PASSPHRASE'
    sh 'echo $CA'
}

} `

wolstena avatar Dec 22 '20 00:12 wolstena