获取所有机密并将其放入 Jenkins 和 hashicorp 保险库的 env 文件中
Getting and put all secret in an env file on Jenkins and hashicorp vault
目前我们正在构建 jenkins 部署管道。在这些构建中,我们使用 HachiCorp 保险库进行秘密管理。为了获得秘密,我们使用 hashicorp-vault-plugin。问题是我们想在管道脚本上声明所有变量,像这样 - testing','testing_again', secret/another_test(我们不希望这样)
node {
// define the secrets and the env variables
// engine version can be defined on secret, job, folder or global.
// the default is engine version 2 unless otherwise specified globally.
def secrets = [
[path: 'secret/testing', engineVersion: 1, secretValues: [
[envVar: 'testing', vaultKey: 'value_one'],
[envVar: 'testing_again', vaultKey: 'value_two']]],
[path: 'secret/another_test', engineVersion: 2, secretValues: [
[vaultKey: 'another_test']]]
]
// optional configuration, if you do not provide this the next higher configuration
// (e.g. folder or global) will be used
def configuration = [vaultUrl: 'http://my-very-other-vault-url.com',
vaultCredentialId: 'my-vault-cred-id',
engineVersion: 1]
// inside this block your credentials will be available as env variables
withVault([configuration: configuration, vaultSecrets: secrets]) {
sh 'echo $testing'
sh 'echo $testing_again'
sh 'echo $another_test'
}
}
But need some things like this -
- 获取所有秘密作为键和值
- 在构建项目之前放置一个 env 文件
- 构建项目后,销毁环境文件。
是否可以通过 jenkins hashicorp-vault-plugin 或通过 curl 从 vault 中获取这些秘密并通过 shell commend 处理(示例很棒)。
在 vault 插件中无法将秘密放入文件。只能立即放入环境变量。存储在 env 中后,你可以做任何你想做的事 :) 你可以做类似
的事情
sh 'echo $YOURVAR > .env'
Get all the secret as key and value
by vault concept you should know secret name for access to it. not sure how it should be in your case
p.s 如果您需要文件凭据,您可以使用
证书
credentials-binding
詹金斯插件
目前我们正在构建 jenkins 部署管道。在这些构建中,我们使用 HachiCorp 保险库进行秘密管理。为了获得秘密,我们使用 hashicorp-vault-plugin。问题是我们想在管道脚本上声明所有变量,像这样 - testing','testing_again', secret/another_test(我们不希望这样)
node {
// define the secrets and the env variables
// engine version can be defined on secret, job, folder or global.
// the default is engine version 2 unless otherwise specified globally.
def secrets = [
[path: 'secret/testing', engineVersion: 1, secretValues: [
[envVar: 'testing', vaultKey: 'value_one'],
[envVar: 'testing_again', vaultKey: 'value_two']]],
[path: 'secret/another_test', engineVersion: 2, secretValues: [
[vaultKey: 'another_test']]]
]
// optional configuration, if you do not provide this the next higher configuration
// (e.g. folder or global) will be used
def configuration = [vaultUrl: 'http://my-very-other-vault-url.com',
vaultCredentialId: 'my-vault-cred-id',
engineVersion: 1]
// inside this block your credentials will be available as env variables
withVault([configuration: configuration, vaultSecrets: secrets]) {
sh 'echo $testing'
sh 'echo $testing_again'
sh 'echo $another_test'
}
}
But need some things like this -
- 获取所有秘密作为键和值
- 在构建项目之前放置一个 env 文件
- 构建项目后,销毁环境文件。
是否可以通过 jenkins hashicorp-vault-plugin 或通过 curl 从 vault 中获取这些秘密并通过 shell commend 处理(示例很棒)。
在 vault 插件中无法将秘密放入文件。只能立即放入环境变量。存储在 env 中后,你可以做任何你想做的事 :) 你可以做类似
的事情sh 'echo $YOURVAR > .env'
Get all the secret as key and value by vault concept you should know secret name for access to it. not sure how it should be in your case
p.s 如果您需要文件凭据,您可以使用 证书 credentials-binding 詹金斯插件