Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-37151

Add support for Vault AWS Secret backend

    Details

    • Similar Issues:

      Description

      I would like to request support for the Vault AWS secret backend. https://www.vaultproject.io/docs/secrets/aws/index.html

      I attempted to modify the sample Jenkinsfile to use a different path, but, the calls create multiple keys. Would it be possible make one call to setup the AWS_ACCESS_KEY_ID and SECRET_ACCESS_KEY?

        Attachments

          Activity

          Hide
          ptierno Peter Tierno added a comment -

          This was an oversight. I will look into adding this shortly considering the whole reason I wrote the plugin was for use with the aws backend, but havent had the opportunity to test against it yet. Thanks for bringing it to my attention.

          Show
          ptierno Peter Tierno added a comment - This was an oversight. I will look into adding this shortly considering the whole reason I wrote the plugin was for use with the aws backend, but havent had the opportunity to test against it yet. Thanks for bringing it to my attention.
          Hide
          kgatdula Kenny Gatdula added a comment -

          Sounds great. I appreciate your work on this.

          Show
          kgatdula Kenny Gatdula added a comment - Sounds great. I appreciate your work on this.
          Hide
          ptierno Peter Tierno added a comment -

          Kenny Gatdula The latest release should fix this issue. It does however change the usage slightly. https://github.com/jenkinsci/hashicorp-vault-plugin

          I just published via maven. It may take time until the plugin is updated in the update center. The new docs are available however in the github readme and the jenkins wiki page: https://wiki.jenkins-ci.org/display/JENKINS/HashiCorp+Vault+Plugin

          I'm going to leave this ticket open until you have the opportunity to test. Take note of the caveats section in the readme/wiki.

          Show
          ptierno Peter Tierno added a comment - Kenny Gatdula The latest release should fix this issue. It does however change the usage slightly. https://github.com/jenkinsci/hashicorp-vault-plugin I just published via maven. It may take time until the plugin is updated in the update center. The new docs are available however in the github readme and the jenkins wiki page: https://wiki.jenkins-ci.org/display/JENKINS/HashiCorp+Vault+Plugin I'm going to leave this ticket open until you have the opportunity to test. Take note of the caveats section in the readme/wiki.
          Hide
          kgatdula Kenny Gatdula added a comment -

          Peter Tierno I tried to install this via the update center today with no luck. I downloaded the plugin and installed it manually. it seems to work great. here's a snippet of configuration I ended up using.

          def aws_secrets = [
              [$class: 'VaultSecret', path: 'aws/creds/deploy',
                secretValues: [
                  [$class: 'VaultSecretValue', envVar: 'AWS_ACCESS_KEY_ID', vaultKey: 'access_key'],
                  [$class: 'VaultSecretValue', envVar: 'AWS_SECRET_ACCESS_KEY', vaultKey: 'secret_key']]]
            ]
          
          Show
          kgatdula Kenny Gatdula added a comment - Peter Tierno I tried to install this via the update center today with no luck. I downloaded the plugin and installed it manually. it seems to work great. here's a snippet of configuration I ended up using. def aws_secrets = [ [$class: 'VaultSecret' , path: 'aws/creds/deploy' , secretValues: [ [$class: 'VaultSecretValue' , envVar: 'AWS_ACCESS_KEY_ID' , vaultKey: 'access_key' ], [$class: 'VaultSecretValue' , envVar: 'AWS_SECRET_ACCESS_KEY' , vaultKey: 'secret_key' ]]] ]
          Hide
          ptierno Peter Tierno added a comment -

          Kenny Gatdula Thanks for the feed back. Not sure what is taking so long for the 1.1 release to become available via update center. if its not there by the end of the weekend i'll inquire about it. Thanks for the feedback. marking this as resolved.

          Show
          ptierno Peter Tierno added a comment - Kenny Gatdula Thanks for the feed back. Not sure what is taking so long for the 1.1 release to become available via update center. if its not there by the end of the weekend i'll inquire about it. Thanks for the feedback. marking this as resolved.

            People

            • Assignee:
              ptierno Peter Tierno
              Reporter:
              kgatdula Kenny Gatdula
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: