hashicorp-vault-plugin icon indicating copy to clipboard operation
hashicorp-vault-plugin copied to clipboard

Published 20 hours ago verified publisher icon jenkinsci

What's the future of this plugin?

Open edwardprzeniczny opened this issue 1 year ago • 4 comments

BetterCloud/vault-java-driver contributor has announced that the project is effectively dead so what's the long term plan for this plugin?

edwardprzeniczny avatar Jul 12 '22 23:07 edwardprzeniczny

The plugin continues to function as vault has a stable API.

I am hoping for something to create a fork of vault-java-driver and maintain it

jetersen avatar Jul 13 '22 05:07 jetersen

I believe there is now a fork/more maintained version of the vault-java-driver: https://github.com/jopenlibs/vault-java-driver

reported/linked to from here: https://github.com/BetterCloud/vault-java-driver/pull/245#issuecomment-1272577405

I know it's no easy undertaking, and the usual logic with things like this is that if anyone would like to see a change made, they are free to make that change and open a PR themselves, but I am curious if switching to this vault-java-driver is anywhere on the roadmap for this plugin.

PikaChokeMe avatar Oct 28 '22 17:10 PikaChokeMe

It might also be worth considering migrating away from vault-java-driver entirely... that project seems to have made some rather odd implementation choices concerning how it handles KV v1 vs v2 secret engines, which have leaked into this Jenkins plugin's API too in confusing ways:

  • engineVersion is actually 100% specific to Vault KV secrets engines, not all of the Vault API - but nothing within this Jenkins plugin leads users to that conclusion, and you have to be enough of a Vault expert to avoid being misled.

which are also sometimes inconsistent:

  • prefixPath behaves with different semantics depending on whether it is used within Jenkinsfiles or within Jenkins configuration.

There are multiple user reports in this issue tracker of difficulties working with KV v2 successfully, because of these challenges.

I'm happy to provide further help designing any changes anyone sets out to make in this regard, though I don't currently see myself as likely to work on this directly, as I'm no longer in a role that involves working with any Vault-integrated Jenkins instances.

maxb avatar Feb 15 '23 09:02 maxb

Neither am I, only here to provide assistance on code review. I stopped using Jenkins a while ago 😓

jetersen avatar Feb 15 '23 09:02 jetersen