Hi Luke,
Yes, you can inject a secret string in the jjb :
wrappers:
- credentials-binding:
- zip-file:
credential-id: b3e6f337-5d44-4f57-921c-1632d796caa6
variable: CONFIG_ZIP
- file:
credential-id: b3e6f337-5d44-4f57-921c-1632d796caab
variable: config_file
- username-password:
credential-id: b3e6f337-5d44-4f57-921c-1632d796caac
variable: config_username_password
- text:
credential-id: b3e6f337-5d44-4f57-921c-1632d796caad
variable: config_text
it supports file, text, username-password, etc. It can not be echo/cat
during the CI execution.
It requires a Credentials Binding plugin.
@Trevor, Aric, can you double check is it installed already?
We use this method to avoid API token leak issue in internal CI.
[1], https://docs.openstack.org/infra/jenkins-job-builder/wrappers.html
[2], https://wiki.jenkins.io/display/JENKINS/Credentials+Binding+Plugin
Luke Hinds <[email protected]>于2018年2月20日周二 下午4:11写道:
> Hi,
>
> Do we have the capability to handle (inject?) environment variable secrets
> in our CI that are set during a build?
>
> I am looking at introducing virus total checks into anteater and this
> needs an API key which we don't want to share in the open.
>
> Currently I have the code look for the key in the environment, rather then
> a config file..is this workable?
>
> e.g...
>
> export VT_KEY='<API_KEY>'
> echo $VT_KEY
> <API_KEY>
> --
> Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
> e: [email protected] | irc: lhinds @freenode | t: +44 12 52 36 2483
> _______________________________________________
> opnfv-tech-discuss mailing list
> [email protected]
> https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
>
_______________________________________________
opnfv-tech-discuss mailing list
[email protected]
https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
