Jenkins - 在 Jenkinsfile 中结帐 git 的用户名和密码(groovy)
[英]Jenkins - Username and Password to checkout git in Jenkinsfile (groovy)
问题描述
We are trying to use AWS DynamoDB (with KMS encrypted values) to store our secrets rather than using Jenkins Credentials.
我们正在尝试使用 AWS DynamoDB(带有 KMS 加密值)来存储我们的秘密,而不是使用 Jenkins 凭证。 This is advised by our security team.这是我们的安全团队建议的。
I am able to fetch secrets (git username and password) as variables on Jenkins slaves, but not sure how to use those to checkout git repository using those.我能够获取机密(git 用户名和密码)作为 Jenkins 从机上的变量,但不确定如何使用它们来使用这些来检出git 存储库。
This is our existing code这是我们现有的代码
stage('SCM Checkout') {
checkout([$class: 'GitSCM', branches: [[name: "*/${GIT_BRANCH}"]],
doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [],
userRemoteConfigs: [[credentialsId: 'GIT_PASSWORD', url: "${GIT_URL}"]]])
}
I want to use variable GIT_USER and GIT_PASSWORD (fetched from AWS) instead of using credentialsId我想使用变量 GIT_USER 和 GIT_PASSWORD(从 AWS 获取)而不是使用credentialsId
1 个解决方案
解决方案1
1 已采纳 2017-10-02 04:44:17
Okay, I have finally come up with a solution by using SSH Key.好的,我终于想出了一个使用 SSH Key 的解决方案。 In my server startup script ( AWS user data ), I have fetched (from DynamoDB) keys and username of my Git Repository ( AWS CodeCommit ) and stored them in ~/.ssh/sshkey and ~/.ssh/config files respectively.在我的服务器启动脚本( AWS 用户数据)中,我已经(从 DynamoDB)获取了我的 Git 存储库( AWS CodeCommit )的密钥和用户名,并将它们分别存储在~/.ssh/sshkey和~/.ssh/config文件中。
Here, is my ~/.ssh/config file这是我的~/.ssh/config文件
Host git-codecommit.<my_aws_region>.amazonaws.com
User <my_user>
StrictHostKeyChecking no
IdentityFile ~/.ssh/sshkey
PreferredAuthentications publickey
And, here is the stage to checkout git repository.而且,这是检出git 存储库的阶段。
stage('Checkout SCM') {
git url: 'ssh://git-codecommit.<my_aws_region>.amazonaws.com/v1/repos/<my_repo>', branch: '<my_branch>'
}
This is not exactly what I was looking for in the starting, but solves my issue.这不是我一开始想要的,但解决了我的问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.