-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support username/password credentials stored as JSON formatted secret #97
Comments
Just noticed, that you document a work-around under advanced usage using a string secret type and readJSON. Unfortunately this approach does not work in places where we cannot add custom credential post-processing. |
Which places are you unable to add custom credential post-processing for? I ask because our teams at work that use JSON values for credentials have been able to achieve what they want with the |
We use a few Jenkins plugins that we configure via CasC yaml, which need direct references to credentialIds. (One recent example which triggered me to create this issue: The influxdb plugin migrated from plain username/password to credentialId.) We could probably replace all global plugin configuration with job-local configuration (using the |
The reason this is unfortunately not possible is that the username field has to be supplied when credentials are listed, as well as when they are used in a job. The credentials list is populated with a I get where you're coming from - it would be nice if different tools would share secrets more easily - but alas the credentials API doesn't provide wiggle room here. |
@chriskilding Hm, thanks very much for your analysis. What do you think of the following compromise: If all our json secrets additionally had a The jenkins plugin would use the regular username tag for |
Feature Request
Some of our secrets are stored in JSON format (example from aws cli):
To access this type of secret from Jenkins, we currently duplicate them in the format supported by this plugin for username/password secrets ("raw" secret with the tags
jenkins:credentials:type = usernamePassword
andjenkins:credentials:username = david
).We would like to avoid this duplication, as it is currently a manual step for us and we need to keep the duplicated secrets manually in sync during password rotations.
Suggestion
Support a set of additional tags for the
jenkins:credentials:type = usernamePassword
type, which allows the plugin to read the correct JSON fields:jenkins:credentials:usernameField = username
jenkins:credentials:passwordField = password
This would allow any JSON formatted secret and support any possible field names.
To clarify, the following JSON secret:
would have the following tags attached:
jenkins:credentials:type = usernamePassword
jenkins:credentials:usernameField = user
jenkins:credentials:passwordField = pass
Alternative
A simpler, less flexible alternative would be to add a new credentials type specifically for the common JSON format with
username
andpassword
fields. Possiblyjenkins:credentials:type = jsonUsernamePassword
.The text was updated successfully, but these errors were encountered: