Use HashiCorp Vault secret to autenticate GitHub in jenkins pipeline

Asked Aug 08 '22 at 12:23

Active Aug 08 '22 at 15:49

Viewed 264 times

I am trying to aunthenticate GitHub repository, wth the token I retrieve from HashiCorp Vault. Git plugin supports only the parameter credentialsId, which takes credentials stored in Jenkins (username and password). Is there a way, how to autenticate with the variable, which contains token?

jenkins pipeline code:

node {

    def secrets = [
        [path: 'ddci/test', engineVersion: 2, secretValues: [
            [envVar: 'token', vaultKey: 'heslo']
      ]]     
    ]
 
    def configuration = [vaultUrl: 'https://vault.tools.sap/',
                         vaultCredentialId: 'hashicorp_vault',
                         engineVersion: 2]
  
  
    stage('use token to authenticate GITHub') { 
      withVault([configuration: configuration, vaultSecrets: secrets]) {
        git credentialsId: '$heslo', url: 'https://github.tools.sap/AZURE-PIPELINES-SYSDEV/decdev-ci-verification', branch: 'master'
    }
    }
  
}

edited Aug 08 '22 at 15:49

torek

448,244
59
642
775

asked Aug 08 '22 at 12:23

Michal Škultéty

1

You will definitely need the full `GitSCM` class in the `scm` step, which also contains the `VaultSCM` class. The thin wrapper step method `git` will not be robust enough for you here. Beyond that, I am not entirely sure the best way to do this. – Matthew Schuchard Aug 08 '22 at 18:25

Use HashiCorp Vault secret to autenticate GitHub in jenkins pipeline

0 Answers0