Hi Luke & Julien, I think the Credentials Binding plugin should have been installed since ssh-key is leveraged to manage slave node, and previously, TestAPI intended to employ it for the token check, but the privilege is not opened to everyone, you need to contact @Trevor, Aric or Fatih for it.
BRs Serena On Thu, Mar 1, 2018 at 5:16 PM Julien <[email protected]> wrote: > Hi Luke, > > Yes, you can inject a secret string in the jjb : > > wrappers: > - credentials-binding: > - zip-file: > credential-id: b3e6f337-5d44-4f57-921c-1632d796caa6 > variable: CONFIG_ZIP > - file: > credential-id: b3e6f337-5d44-4f57-921c-1632d796caab > variable: config_file > - username-password: > credential-id: b3e6f337-5d44-4f57-921c-1632d796caac > variable: config_username_password > - text: > credential-id: b3e6f337-5d44-4f57-921c-1632d796caad > variable: config_text > > it supports file, text, username-password, etc. It can not be echo/cat > during the CI execution. > It requires a Credentials Binding plugin. > @Trevor, Aric, can you double check is it installed already? > We use this method to avoid API token leak issue in internal CI. > > [1], https://docs.openstack.org/infra/jenkins-job-builder/wrappers.html > [2], https://wiki.jenkins.io/display/JENKINS/Credentials+Binding+Plugin > > > Luke Hinds <[email protected]>于2018年2月20日周二 下午4:11写道: > >> Hi, >> >> Do we have the capability to handle (inject?) environment variable >> secrets in our CI that are set during a build? >> >> I am looking at introducing virus total checks into anteater and this >> needs an API key which we don't want to share in the open. >> >> Currently I have the code look for the key in the environment, rather >> then a config file..is this workable? >> >> e.g... >> >> export VT_KEY='<API_KEY>' >> echo $VT_KEY >> <API_KEY> >> -- >> Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat >> e: [email protected] | irc: lhinds @freenode | t: +44 12 52 36 2483 >> _______________________________________________ >> opnfv-tech-discuss mailing list >> [email protected] >> https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss >> > _______________________________________________ > opnfv-tech-discuss mailing list > [email protected] > https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss >
_______________________________________________ opnfv-tech-discuss mailing list [email protected] https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
