      Description

      Provide example how to use HashiCorp Vault Plugin with Jenkins Declarative Pipeline.

          Activity

          ptierno Peter Tierno added a comment -

          My initial testing failed when using this in a declarative pipeline. Will see what needs done to get it working and document.

          sean_middleton Sean Middleton added a comment -

          Hi, was there any update on this issue in the end? Looking to use the Vault plugin with a declarative pipeline but some information I've read suggests declarative pipelines aren't currently supported with the Vault plugin? 

          teh_leet Arturas R added a comment -

          Hope it helps

          pipeline {
            agent none
            stages {
              stage('Vault') {
                  agent {
                    node {
                      label 'linux'
                    }
                  }
          
                  steps {
                    script {
                      node {
                        // define the secrets and the env variables
                        def secrets = [
                          [$class: 'VaultSecret', path: 'secret/testing', secretValues: [
                            [$class: 'VaultSecretValue', envVar: 'testing', vaultKey: 'value_one'],
                            [$class: 'VaultSecretValue', envVar: 'testing_again', vaultKey: 'value_two']]],
                          [$class: 'VaultSecret', path: 'secret/another_test', secretValues: [
                            [$class: 'VaultSecretValue', envVar: 'another_test', vaultKey: 'value']]]
                        ]
          
                        // optional configuration, if you do not provide this the next higher configuration
                        // (e.g. folder or global) will be used
                        def configuration = [$class: 'VaultConfiguration',
                                            vaultUrl: 'http://my-very-other-vault-url.com',
                                            vaultCredentialId: 'my-vault-cred-id']
          
                        // inside this block your credentials will be available as env variables
                        wrap([$class: 'VaultBuildWrapper', configuration: configuration, vaultSecrets: secrets]) {
                          sh 'echo $testing'
                          sh 'echo $testing_again'
                          sh 'echo $another_test'
                        }
                      }
                    }
                  }
              }
            }
          }
          
          vassil vassil marjunits added a comment - - edited

          For version 2.3.0 and higher (3.0.0 was the latest when this comment was made):

          // define vault configuration
          def configuration = [engineVersion: 1, 
                               skipSslVerification: true, 
                               timeout: 60, 
                               vaultUrl: "http://my-vault.com:8200", 
                               vaultCredentialId: "my-vault-cred-id"]
          // define vault secret path and env var
          def secret = [
                [path: 'dev/kv1', secretValues: [
                  [envVar: 'PASSWORD', vaultKey: 'password'],
                  [envVar: 'USER', vaultKey: 'user']]]
          ]
          pipeline {
              agent any
              options {
                  buildDiscarder(logRotator(numToKeepStr: '20'))
                  disableConcurrentBuilds()
              }
              stages{   
                  stage('Vault') {
                      steps {
                          script {
                              withVault([configuration: configuration, vaultSecrets: secret]) {
                                   sh 'echo $PASSWORD'
                                   sh 'echo $USER'
                              }
                          }
                      }  
                  }
              }
              post {
                  always {
                      cleanWs()
                  }
              }
          }
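
An added example, not part of the original comments or the plugin's own code: a heuristic lint in Python that reads a Jenkinsfile's text and flags three things a reviewer would question in the snippets above: disabled TLS verification, a plain http:// vaultUrl, and shell steps that print a Vault-bound variable into the build log. The rule names and the ./deploy.sh step are assumptions made for illustration; the sample input is constructed from the second snippet.

```python
import re

# Constructed sample: the relevant lines of the second pipeline above, plus one
# harmless step ('./deploy.sh' is hypothetical) to show what is not flagged.
SAMPLE = """\
def configuration = [engineVersion: 1,
                     skipSslVerification: true,
                     vaultUrl: "http://my-vault.com:8200",
                     vaultCredentialId: "my-vault-cred-id"]
def secret = [[path: 'dev/kv1', secretValues: [
                 [envVar: 'PASSWORD', vaultKey: 'password'],
                 [envVar: 'USER', vaultKey: 'user']]]]
withVault([configuration: configuration, vaultSecrets: secret]) {
    sh 'echo $PASSWORD'
    sh './deploy.sh'
}
"""

TLS_OFF = re.compile(r"skipSslVerification\s*:\s*true\b")
HTTP_URL = re.compile(r"vaultUrl\s*:\s*['\"]http://", re.IGNORECASE)
ENV_VAR = re.compile(r"envVar\s*:\s*['\"](\w+)['\"]")
PRINTS = re.compile(r"\b(?:echo|printf)\b")
SHELL_VAR = re.compile(r"\$\{?(\w+)")


def lint_vault_pipeline(text):
    """Return (line_no, rule, detail) findings for the text of a Jenkinsfile."""
    # Environment variable names that the pipeline binds to Vault values.
    secret_vars = set(ENV_VAR.findall(text))
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("//"):
            continue  # skip Groovy line comments
        if TLS_OFF.search(line):
            findings.append((no, "tls-verification-disabled", "skipSslVerification: true"))
        if HTTP_URL.search(line):
            findings.append((no, "plaintext-vault-url", "vaultUrl uses http://"))
        if PRINTS.search(line):
            # Only variables bound from Vault count; other shell variables are ignored.
            for var in SHELL_VAR.findall(line):
                if var in secret_vars:
                    findings.append((no, "secret-printed", var))
    return findings


if __name__ == "__main__":
    for finding in lint_vault_pipeline(SAMPLE):
        print(finding)
```

The checks are line-based regular expressions, so they miss settings built dynamically or split across lines; treat a clean result as a first pass rather than a review.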
          
          
          

           


            People

            • Assignee:
              ptierno Peter Tierno
              Reporter:
              tsutsarin_fuib Nikolay Tsutsarin