hashicorp-vault-plugin

Support for AWS Credentials

Open dzieciou opened this issue 3 years ago • 4 comments

Dependencies

None

Feature Request

I am currently migrating all our credentials from Jenkins to Vault. Unfortunately, the current version of the plugin does not support populating Jenkins AWS Credentials.


Is there any PR on that?

dzieciou avatar Oct 19 '21 10:10 dzieciou

Yeah, there's Vault AWS IAM Credential, but this seems to be something completely different...

dhs-rec avatar Dec 13 '21 07:12 dhs-rec

With a combination of Vault and Jenkins Configuration-as-Code, it's possible. If you start your Jenkins with these Environment Variables properly configured, it'll load secrets from Vault into Environment Variables:

CASC_VAULT_TOKEN="<TOKEN>"
CASC_VAULT_ENGINE_VERSION=<Engine version 1 or 2>
CASC_VAULT_PATHS=<path/to/jenkins-secrets>
CASC_VAULT_URL=<URL to Vault>

Official docs on the matter: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/VAULT.md

---
credentials:
  system:
    domainCredentials:
      - credentials:
          - aws:
              scope: GLOBAL
              id: "AWS"
              accessKey: "${AWS_ACCESS_KEY_ID}"
              secretKey: "${AWS_SECRET_ACCESS_KEY}"
              description: "AWS Credentials"

jonbrohauge avatar Mar 29 '22 12:03 jonbrohauge
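
A check for the workaround above, added here as an example and not code from the thread or from either plugin: it lints a JCasC file so that `accessKey` and `secretKey` only ever hold `${...}` references, and that each referenced name exists among the keys of the Vault secret under `CASC_VAULT_PATHS`. The function name `lint_casc`, the sample YAML and the Vault key set are constructed, and the Vault key names are assumed to match the variable names used in the YAML.

```python
import re

# Fields of the JCasC "aws" credential that must never hold a literal value.
SECRET_FIELDS = ("accessKey", "secretKey")
# A value that is exactly one ${NAME} reference, optionally quoted.
REF = re.compile(r'^["\']?\$\{([A-Za-z_][A-Za-z0-9_]*)\}["\']?$')
FIELD = re.compile(r'^\s*(?:-\s*)?(\w+):\s*(.*?)\s*$')


def lint_casc(yaml_text, vault_keys):
    """Return (line_no, field, problem) findings for a JCasC YAML document.

    vault_keys: key names stored in the secret(s) under CASC_VAULT_PATHS.
    """
    findings = []
    for no, line in enumerate(yaml_text.splitlines(), 1):
        m = FIELD.match(line)
        if not m or m.group(1) not in SECRET_FIELDS:
            continue
        field, value = m.groups()
        ref = REF.match(value)
        if ref is None:
            findings.append((no, field, "literal value, not a ${...} reference"))
        elif ref.group(1) not in vault_keys:
            findings.append((no, field, "unresolved reference " + ref.group(1)))
    return findings


# Constructed sample: the thread's snippet plus a second entry with one
# hardcoded placeholder key and one reference the Vault secret lacks.
SAMPLE = """\
credentials:
  system:
    domainCredentials:
      - credentials:
          - aws:
              scope: GLOBAL
              id: "AWS"
              accessKey: "${AWS_ACCESS_KEY_ID}"
              secretKey: "${AWS_SECRET_ACCESS_KEY}"
          - aws:
              scope: GLOBAL
              id: "AWS-legacy"
              accessKey: "EXAMPLE-LITERAL-KEY-ID"
              secretKey: "${AWS_SECRET_KEY}"
"""
VAULT_KEYS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"}  # constructed

if __name__ == "__main__":
    for no, field, problem in lint_casc(SAMPLE, VAULT_KEYS):
        print(f"line {no}: {field}: {problem}")
```

Run as a pre-merge check on the repository that holds the JCasC YAML, so a literal AWS key is caught before it reaches version control.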

Yes, that's the workaround I also use until this issue is fixed.

dhs-rec avatar Mar 29 '22 13:03 dhs-rec

Any updates on this?

DanielBruzualRW avatar Apr 13 '22 06:04 DanielBruzualRW