Username and Password to checkout git in Jenkinsfile (groovy)


Vikas Kumar

We are trying to use AWS DynamoDB (with KMS encrypted values) to store our secrets rather than using Jenkins Credentials. This is advised by our security team.

I am able to fetch secrets (git username and password) as variables on Jenkins slaves, but not sure how to use those to checkout git repository using those.


This is our existing code


stage('SCM Checkout') {
    checkout([$class: 'GitSCM', branches: [[name: "*/${GIT_BRANCH}"]],
        doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [],
        userRemoteConfigs: [[credentialsId: 'GIT_PASSWORD', url: "${GIT_URL}"]]])
}


I want to use variable GIT_USER and GIT_PASSWORD (fetched from AWS) instead of using credentialsId

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/7a811855-da28-4a82-9b33-ac824b5e89a3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Username and Password to checkout git in Jenkinsfile (groovy)

Mark Waite-2
If your GIT_URL is https, then you could embed the username and password into the URL.  For example, the URL:

    https://github.com/user/repo

can be

    https://username:password@github.com/user/repo

Mark Waite

On Sun, Oct 1, 2017 at 8:36 PM Vikas Kumar <[hidden email]> wrote:

We are trying to use AWS DynamoDB (with KMS encrypted values) to store our secrets rather than using Jenkins Credentials. This is advised by our security team.

I am able to fetch secrets (git username and password) as variables on Jenkins slaves, but not sure how to use those to checkout git repository using those.


This is our existing code


stage('SCM Checkout') {
    checkout([$class: 'GitSCM', branches: [[name: "*/${GIT_BRANCH}"]],
        doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [],
        userRemoteConfigs: [[credentialsId: 'GIT_PASSWORD', url: "${GIT_URL}"]]])
}


I want to use variable GIT_USER and GIT_PASSWORD (fetched from AWS) instead of using credentialsId


Re: Username and Password to checkout git in Jenkinsfile (groovy)

Vikas Kumar
Thanks Mark, yeah this is one option but in this case, username and password are visible in console output. I am thinking to use SSH Keys.


On Monday, 2 October 2017 13:46:24 UTC+11, Mark Waite wrote:
If your GIT_URL is https, then you could embed the username and password into the URL.  For example, the URL:

    https://github.com/user/repo

can be

    https://username:password@github.com/user/repo

Mark Waite

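On the concern above that credentials embedded in the URL show up in console output, one alternative is git's GIT_ASKPASS mechanism, sketched here for use inside an `sh` step. This is an added example, not code from the thread or from Jenkins; it assumes GIT_USER and GIT_PASSWORD are already exported in the step's environment, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: hand GIT_USER / GIT_PASSWORD to git through GIT_ASKPASS,
# so they never appear in the remote URL, the command line or .git/config.
# Function names are hypothetical; the two variables are assumed to be
# exported already (fetched from the secret store, as in the thread).

# write_askpass DIR: create the helper that git calls with its prompt as $1.
write_askpass() {
    helper="$1/git-askpass.sh"
    # Quoted heredoc: the variables are expanded only when git runs the
    # helper, so the secret values themselves are never written to disk.
    cat > "$helper" <<'EOF'
#!/bin/sh
case "$1" in
    Username*) printf '%s\n' "$GIT_USER" ;;
    Password*) printf '%s\n' "$GIT_PASSWORD" ;;
esac
EOF
    chmod 700 "$helper"
    printf '%s\n' "$helper"
}

# strip_userinfo URL: drop any user:password@ part before the URL is used or logged.
strip_userinfo() {
    printf '%s\n' "$1" | sed -E 's#^([A-Za-z][A-Za-z0-9+.-]*://)[^/@]*@#\1#'
}

# clone_with_askpass URL DEST: clone over https with no credentials in the URL.
clone_with_askpass() {
    url=$(strip_userinfo "$1")
    tmp=$(mktemp -d) || return 1
    askpass=$(write_askpass "$tmp")
    # GIT_TERMINAL_PROMPT=0: fail instead of waiting on a terminal prompt
    # if the helper returns nothing.
    GIT_ASKPASS="$askpass" GIT_TERMINAL_PROMPT=0 \
        git clone --quiet "$url" "$2" && rc=0 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

With shell tracing enabled, the trace shows only the helper path and the credential-free URL, because the secrets are read from the environment by the helper at prompt time.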

Re: Username and Password to checkout git in Jenkinsfile (groovy)

Vikas Kumar
I have got a solution. Pls see this link for details. Thanks.

On Monday, 2 October 2017 15:13:20 UTC+11, Vikas Kumar wrote:
Thanks Mark, yeah this is one option but in this case, username and password are visible in console output. I am thinking to use SSH Keys.

