PLC/vPLC>> hashicorp-vault-jenkins>> 返回
项目作者: amarruedo

项目描述 :
Jenkins pipeline step to retrieve secrets from Hashicorp's Vault server
高级语言: Groovy
项目地址: git://github.com/amarruedo/hashicorp-vault-jenkins.git
创建时间: 2017-02-01T11:34:06Z
项目社区:https://github.com/amarruedo/hashicorp-vault-jenkins
开源协议:MIT License
下载


hashicorp-vault-jenkins

Jenkins pipeline step to retrieve secrets from Hashicorp’s Vault server

Install

You’ll need workflow-cps-global-lib plugin.

The step itself is added to Jenkins in Manage Jenkins » Configure System » Global Pipeline Libraries

Alt text

Usage

The step must be run in a curl enabled linux node since it uses a sh step to curl Vault API.
We write a secret to Vault and then query it using the step inside a Jenkins pipeline

On the Vault server:

  1. vault write secret/test key=my-key cert=my-cert

Jenkins DSL script:

  1. #!groovy
  3. @Library('vault-secrets') _
  5. def username = ''
  6. def password = ''
  7. def secret = ''
  9. timeout(time:5, unit:'MINUTES') {
  11.   def userInput = input(
  12.       id: 'userInput', message: 'User/Password/Secret', parameters: [
  13.       [$class: 'TextParameterDefinition', defaultValue: '', description: 'Username input', name: 'username'],
  14.       [$class: 'PasswordParameterDefinition', defaultValue: '', description: 'Password input', name: 'password'],
  15.       [$class: 'TextParameterDefinition', defaultValue: '', description: 'Secret to retrieve', name: 'secret']
  16.   ])
  18.   username=userInput['username'].toString()
  19.   password=userInput['password'].toString()
  20.   secret=userInput['secret'].toString()
  21. }
  23. node("master"){
  25.     def data = vaultSecret("master", "http://vault.default.svc.cluster.local:8200", username, password, secret)
  26.     echo "CERT: " + data.cert.toString() + " KEY: " + data.key.toString()
  27. }