Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JCasC HashiCorp Vault Secret Source: Add support for space separated vault key paths in CASC_VAULT_PATHS #158

Open
tsurankov opened this issue Feb 12, 2021 · 5 comments
Open

JCasC HashiCorp Vault Secret Source: Add support for space separated vault key paths in CASC_VAULT_PATHS #158

tsurankov opened this issue Feb 12, 2021 · 5 comments

Comments

@tsurankov
Copy link

Feature Request

I like the idea of using HashiCorp Vault Secret Source as a secret source for credentials creation and managing secrets in JCasC configuration using helm on k8s.
At the moment the only way to set up multiple secrets is to specify them as a comma separated string which is inconvenient if there are a lot of secrets and secrets' paths. If there are spaces between paths, then jenkins won't start up. So the variable should be passed as a very long string:

    - name: CASC_VAULT_PATHS
      value: secret/jenkins/credentials, devops/applications/app1/password,dev/applications/app2/aws/credentials, {...}

The workaround exists, we can specify paths in double quotes like in the following example:

    - name: CASC_VAULT_PATHS
      value: 
      "\
      secret/jenkins/credentials,\
      devops/applications/app1/password,\
      dev/applications/app2/aws/credentials,\
      {...}
      "

However, It would be much clear to have possibility to specify paths in regular yaml format:

    - name: CASC_VAULT_PATHS
      value: >-
        secret/jenkins/credentials
        devops/applications/app1/password
        dev/applications/app2/aws/credentials
        {...}

That will result in the space separated string of value key paths:
CASC_VAULT_PATHS=secret/jenkins/credentials devops/applications/app1/password dev/applications/app2/aws/credentials

If there was a way to specify CASC_VAULT_PATHS in both ways: as a comma separated string or as a space separated string, then it would simplify configuration a lot.
@tsurankov tsurankov mentioned this issue Feb 12, 2021
Closed
@jetersen
Copy link
Member

but why, just use yaml will collapse it to be comma separated.

- name: CASC_VAULT_PATHS
  value: >-
    secret/jenkins/credentials,
    devops/applications/app1/password,
    dev/applications/app2/aws/credentials,

@tsurankov
Copy link
Author

@jetersen Yes, this will collapse to a comma separated string, but with spaces after commas. Jenkins fails with this configuration

secret/jenkins/credentials, devops/applications/app1/password, dev/applications/app2/aws/credentials

@tsurankov tsurankov mentioned this issue Feb 12, 2021
Open
@tsurankov
Copy link
Author

I have added a regexp to parse a string that may contain spaces: #159

@jetersen
Copy link
Member

This won't work, you can have spaces in the path.

@tsurankov
Copy link
Author

@jetersen But the same point applies for commas, meaning you can create a vault secret with commas in the path. This is up to user how to use a tool

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jetersen @tsurankov