This repository has been archived by the owner on Jul 4, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 58
/
Copy pathJenkinsfile
44 lines (38 loc) · 1.58 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
// https://github.com/jenkinsci/hashicorp-vault-plugin
node {
stage('Checkout Source Code') {
sh 'echo "Check out application source code"'
}
stage('Get ENV vars from Vault') {
// define the secrets and the env variables
// engine version can be defined on secret, job, folder or global.
// the default is engine version 2 unless otherwise specified globally.
def secrets = [
[path: 'kv2/secret/another_test', engineVersion: 2, secretValues: [
[vaultKey: 'another_test']]],
[path: 'kv1/secret/testing/value_one', engineVersion: 1, secretValues: [
[vaultKey: 'value_one']]],
[path: 'kv1/secret/testing/value_two', engineVersion: 1, secretValues: [
[envVar: 'my_var', vaultKey: 'value_two']]]
]
// optional configuration, if you do not provide this the next higher configuration
// (e.g. folder or global) will be used
def configuration = [vaultUrl: 'http://10.9.99.10:8200',
vaultCredentialId: 'vault-initial-root-token',
engineVersion: 1]
// inside this block your credentials will be available as env variables
withVault([configuration: configuration, vaultSecrets: secrets]) {
sh 'echo $value_one'
sh 'echo $my_var'
sh 'echo $another_test'
}
}
stage('Echo some ENV vars') {
withCredentials([[$class: 'VaultTokenCredentialBinding', credentialsId: 'vault-initial-root-token', vaultAddr: 'http://10.9.99.10:8200']]) {
// values will be masked
sh 'echo TOKEN=$VAULT_TOKEN'
sh 'echo ADDR=$VAULT_ADDR'
}
echo sh(script: 'env|sort', returnStdout: true)
}
}