Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The secrets are available as environment variables then.

Usage via Jenkinsfile

Let the code speak for itself:

 With version 2.3.0, we added a "withVault" symbol and made "envVar" optional as shown in the second secretValue with "another_test" will use the vaultKey as the envVar.

Code Block
languagegroovy
titleJenkinsfile
node {
    // define the secrets and the env variables
    def secrets = [
        [path: 'secret/testing', secretValues: [
            [envVar: 'testing', vaultKey: 'value_one'],
            [envVar: 'testing_again', vaultKey: 'value_two']]],
        [path: 'secret/another_test', secretValues: [
            [vaultKey: 'another_test']]]
    ]

    // optional configuration, if you do not provide this the next higher configuration
    // (e.g. folder or global) will be used
    def configuration = [vaultUrl: 'http://my-very-other-vault-url.com',
                         vaultCredentialId: 'my-vault-cred-id']
    // inside this block your credentials will be available as env variables
    withVault([configuration: configuration, vaultSecrets: secrets]) {
        sh 'echo $testing'
        sh 'echo $testing_again'
        sh 'echo $another_test'
    }
}

Before version 2.2.0 and below:

Code Block
languagegroovy
titleJenkinsfile
node {
    // define the secrets and the env variables
    def secrets = [
        [$class: 'VaultSecret', path: 'secret/testing', secretValues: [
            [$class: 'VaultSecretValue', envVar: 'testing', vaultKey: 'value_one'],
            [$class: 'VaultSecretValue', envVar: 'testing_again', vaultKey: 'value_two']]],
        [$class: 'VaultSecret', path: 'secret/another_test', secretValues: [
            [$class: 'VaultSecretValue', envVar: 'another_test', vaultKey: 'valueanother_test']]]
    ]

    // optional configuration, if you do not provide this the next higher configuration
    // (e.g. folder or global) will be used
    def configuration = [$class: 'VaultConfiguration',
                         vaultUrl: 'http://my-very-other-vault-url.com',
                         vaultCredentialId: 'my-vault-cred-id']
    // inside this block your credentials will be available as env variables
    wrap([$class: 'VaultBuildWrapper', configuration: configuration, vaultSecrets: secrets]) {
        sh 'echo $testing'
        sh 'echo $testing_again'
        sh 'echo $another_test'
    }
}

 


In the future we might migrate to a BuildStep instead of a BuildWrapper.

...