Hi Julien, Yes we have that plugin installed.
Luke, If there is known file location virus total looks for the api key, another option is using the Config File Provider[1][2]. The credentials would be stored in a file on Jenkins master and pulled down before the build, then removed once the build completes. Though ensuring credentials are cleaned up even if the build fails requires the Post Build Script[3] plugin as well (which is also installed). Regards, Trevor Bramwell [1] https://plugins.jenkins.io/config-file-provider [2] https://docs.openstack.org/infra/jenkins-job-builder/wrappers.html#wrappers.config-file-provider [3] https://docs.openstack.org/infra/jenkins-job-builder/publishers.html#publishers.postbuildscript On Thu, Mar 01, 2018 at 09:15:58AM +0000, Julien wrote: > Hi Luke, > > Yes, you can inject a secret string in the jjb : > > wrappers: > - credentials-binding: > - zip-file: > credential-id: b3e6f337-5d44-4f57-921c-1632d796caa6 > variable: CONFIG_ZIP > - file: > credential-id: b3e6f337-5d44-4f57-921c-1632d796caab > variable: config_file > - username-password: > credential-id: b3e6f337-5d44-4f57-921c-1632d796caac > variable: config_username_password > - text: > credential-id: b3e6f337-5d44-4f57-921c-1632d796caad > variable: config_text > > it supports file, text, username-password, etc. It can not be echo/cat > during the CI execution. > It requires a Credentials Binding plugin. > @Trevor, Aric, can you double check is it installed already? > We use this method to avoid API token leak issue in internal CI. > > [1], https://docs.openstack.org/infra/jenkins-job-builder/wrappers.html > [2], https://wiki.jenkins.io/display/JENKINS/Credentials+Binding+Plugin > > > Luke Hinds <[email protected]>于2018年2月20日周二 下午4:11写道: > > > Hi, > > > > Do we have the capability to handle (inject?) environment variable secrets > > in our CI that are set during a build? > > > > I am looking at introducing virus total checks into anteater and this > > needs an API key which we don't want to share in the open. > > > > Currently I have the code look for the key in the environment, rather then > > a config file..is this workable? > > > > e.g... > > > > export VT_KEY='<API_KEY>' > > echo $VT_KEY > > <API_KEY> > > -- > > Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat > > e: [email protected] | irc: lhinds @freenode | t: +44 12 52 36 2483 > > _______________________________________________ > > opnfv-tech-discuss mailing list > > [email protected] > > https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss > >
signature.asc
Description: PGP signature
_______________________________________________ opnfv-tech-discuss mailing list [email protected] https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
