hashicorp-vault-plugin

Feature decoding ssh key

Open hchakroun opened this issue 3 years ago • 3 comments

  • [x] Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • [ ] Ensure that the pull request title represents the desired changelog entry
  • [ ] Please describe what you did
  • [ ] Link to relevant issues in GitHub or Jira
  • [ ] Link to relevant pull requests, esp. upstream and downstream changes
  • [ ] Ensure you have provided tests - that demonstrates feature works or fixes the issue

hchakroun, Dec 26 '21 04:12

I'm not sure this fix should go in as-is; the decode from base64 is only needed if you put the SSH key into Vault as a base64-encoded string. That's not how I've done it and I'm sure I'm not alone in this. This could be useful, but I think it would need to be available as an option.

jamesrobson-secondmind, Jan 05 '22 14:01

I just thought it would be good to store the key as a base64 string to avoid dealing with newlines and to not send the certificate as is to Vault. And I think if the plugin follows the same approach it'd be fine, because the Vault certificate credential is expecting a base64 string from Vault at: https://github.com/jenkinsci/hashicorp-vault-plugin/blob/182c0fbaaeb77e222d49822656e29b8c40422f7f/src/main/java/com/datapipe/jenkins/vault/credentials/common/VaultCertificateCredentialsImpl.java#L82, which is not the case for SSH Certificate.

Take a look at this link for a more complex example of storing an SSL Certificate: https://discuss.hashicorp.com/t/store-ssl-certificates-in-vault/30180/6

hchakroun, Jan 05 '23 23:01

Would be best to check whether the string was base64 encoded or not.

jetersen, Jul 12 '22 08:07
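
One way to make the check suggested in the last comment, as an added example that is not code from hashicorp-vault-plugin or from any participant in this thread: accept the stored value as-is when it is already PEM, and use the base64 decode only when the decoded result is itself a PEM block. The class name `SshKeyNormalizer`, the method `normalize` and the sample key material are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example; names are hypothetical and not part of the plugin.
public class SshKeyNormalizer {
    private static final String PEM_PREFIX = "-----BEGIN ";

    /** Returns the key text whether the Vault field held raw PEM or base64-wrapped PEM. */
    static String normalize(String stored) {
        String trimmed = stored.trim();
        if (trimmed.startsWith(PEM_PREFIX)) {
            return stored; // already a PEM key: existing setups keep working unchanged
        }
        try {
            // The MIME decoder tolerates the line breaks some base64 tools insert.
            byte[] raw = Base64.getMimeDecoder().decode(trimmed);
            String decoded = new String(raw, StandardCharsets.UTF_8);
            // A successful decode proves little (many strings are valid base64),
            // so accept it only when the result is itself a PEM block.
            if (decoded.trim().startsWith(PEM_PREFIX)) {
                return decoded;
            }
        } catch (IllegalArgumentException e) {
            // Not base64: fall through and return the value untouched.
        }
        return stored;
    }

    public static void main(String[] args) {
        // Constructed placeholder, not a real private key.
        String pem = "-----BEGIN OPENSSH PRIVATE KEY-----\n"
                + "Q09OU1RSVUNURUQ=\n"
                + "-----END OPENSSH PRIVATE KEY-----\n";
        String wrapped = Base64.getEncoder()
                .encodeToString(pem.getBytes(StandardCharsets.UTF_8));

        // Print only comparison results; key material should never reach a log.
        System.out.println("raw PEM unchanged:      " + normalize(pem).equals(pem));
        System.out.println("base64 PEM unwrapped:   " + normalize(wrapped).equals(pem));
        System.out.println("other value unchanged:  " + normalize("not a key").equals("not a key"));
    }
}
```

Checking the decoded content rather than only whether decoding succeeds keeps keys stored as plain PEM from being altered, which addresses the compatibility concern raised earlier in the thread.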