Sorry all I missed this email...
On Thu, Mar 1, 2018 at 8:46 PM, Trevor Bramwell <
[email protected]> wrote:
> Hi Julien,
>
> Yes we have that plugin installed.
>
> Luke,
>
> If there is known file location virus total looks for the api key,
> another option is using the Config File Provider[1][2]. The credentials
> would be stored in a file on Jenkins master and pulled down before the
> build, then removed once the build completes.
>
> Though ensuring credentials are cleaned up even if the build fails
> requires the Post Build Script[3] plugin as well (which is also installed).
>
Currently I just pull it from the environment (as this works well with
circle-ci and travis)
try:
apikey = os.environ["VT_KEY"]
except KeyError:
logger.error("Please set your virustotal.com API key as an environment
variable")
sys.exit(1)
>
> Regards,
> Trevor Bramwell
>
> [1] https://plugins.jenkins.io/config-file-provider
> [2] https://docs.openstack.org/infra/jenkins-job-builder/
> wrappers.html#wrappers.config-file-provider
> [3] https://docs.openstack.org/infra/jenkins-job-builder/
> publishers.html#publishers.postbuildscript
>
> On Thu, Mar 01, 2018 at 09:15:58AM +0000, Julien wrote:
> > Hi Luke,
> >
> > Yes, you can inject a secret string in the jjb :
> >
> > wrappers:
> > - credentials-binding:
> > - zip-file:
> > credential-id: b3e6f337-5d44-4f57-921c-1632d796caa6
> > variable: CONFIG_ZIP
> > - file:
> > credential-id: b3e6f337-5d44-4f57-921c-1632d796caab
> > variable: config_file
> > - username-password:
> > credential-id: b3e6f337-5d44-4f57-921c-1632d796caac
> > variable: config_username_password
> > - text:
> > credential-id: b3e6f337-5d44-4f57-921c-1632d796caad
> > variable: config_text
> >
> > it supports file, text, username-password, etc. It can not be echo/cat
> > during the CI execution.
> > It requires a Credentials Binding plugin.
> > @Trevor, Aric, can you double check is it installed already?
> > We use this method to avoid API token leak issue in internal CI.
> >
> > [1], https://docs.openstack.org/infra/jenkins-job-builder/wrappers.html
> > [2], https://wiki.jenkins.io/display/JENKINS/Credentials+Binding+Plugin
> >
> >
> > Luke Hinds <[email protected]>于2018年2月20日周二 下午4:11写道:
> >
> > > Hi,
> > >
> > > Do we have the capability to handle (inject?) environment variable
> secrets
> > > in our CI that are set during a build?
> > >
> > > I am looking at introducing virus total checks into anteater and this
> > > needs an API key which we don't want to share in the open.
> > >
> > > Currently I have the code look for the key in the environment, rather
> then
> > > a config file..is this workable?
> > >
> > > e.g...
> > >
> > > export VT_KEY='<API_KEY>'
> > > echo $VT_KEY
> > > <API_KEY>
> > > --
> > > Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
> > > e: [email protected] | irc: lhinds @freenode | t: +44 12 52 36 2483
> > > _______________________________________________
> > > opnfv-tech-discuss mailing list
> > > [email protected]
> > > https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
> > >
>
--
Luke Hinds | NFV Partner Engineering | CTO Office | Red Hat
e: [email protected] | irc: lhinds @freenode | t: +44 12 52 36 2483
_______________________________________________
opnfv-tech-discuss mailing list
[email protected]
https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
