Skip to content

Jenkins pipeline step to retrieve secrets from Hashicorp's Vault server

License

Notifications You must be signed in to change notification settings

amarruedo/hashicorp-vault-jenkins

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 

Repository files navigation

hashicorp-vault-jenkins

Jenkins pipeline step to retrieve secrets from Hashicorp's Vault server

Install

You'll need workflow-cps-global-lib plugin.

The step itself is added to Jenkins in Manage Jenkins » Configure System » Global Pipeline Libraries

Alt text

Usage

The step must be run in a curl enabled linux node since it uses a sh step to curl Vault API. We write a secret to Vault and then query it using the step inside a Jenkins pipeline

On the Vault server:

vault write secret/test key=my-key cert=my-cert

Jenkins DSL script:

#!groovy

@Library('vault-secrets') _

def username = ''
def password = ''
def secret = ''

timeout(time:5, unit:'MINUTES') {

  def userInput = input(
      id: 'userInput', message: 'User/Password/Secret', parameters: [
      [$class: 'TextParameterDefinition', defaultValue: '', description: 'Username input', name: 'username'],
      [$class: 'PasswordParameterDefinition', defaultValue: '', description: 'Password input', name: 'password'],
      [$class: 'TextParameterDefinition', defaultValue: '', description: 'Secret to retrieve', name: 'secret']
  ])

  username=userInput['username'].toString()
  password=userInput['password'].toString()
  secret=userInput['secret'].toString()
}

node("master"){

    def data = vaultSecret("master", "http://vault.default.svc.cluster.local:8200", username, password, secret)
    echo "CERT: " + data.cert.toString() + " KEY: " + data.key.toString()
}

About

Jenkins pipeline step to retrieve secrets from Hashicorp's Vault server

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages