Jenkins
Last updated
Was this helpful?
Last updated
Was this helpful?
This walkthrough will guide you through using Jenkins with CloudTruth enabling you to manage your multiple environments parameters and secrets from a centralized location.
You have created one or more .
You have created a .
Working knowledge of .
installed
This example will install Jenkins as a based on the official Jenkins guide. The Dockerfile will be customized to install the in the official . Secrets and variables will be passed directly into Jenkins pipelines with the CloudTruth CLI.
Create a in Docker using the following command:
Customize the official Jenkins Docker image:
Build a new docker image from this dockerfile:
Run the customized image:
Obtain the admin password for your deploy once the container is running:
Navigate to Dashboard -> Manage Credentials -> Jenkins store -> Global credentials -> Add:
Select the Credential Kind as Secret text
.
From the Jenkins dashboard select New Item
. Provide a name, select pipeline and hit OK:
Provide the parameter Name as CLOUDTRUTH_API_KEY
. The CloudTruth CLI uses this variable to pull secrets and parameters from CloudTruth.
Add the following pipeline script and click Save:
You can update the CLI command with your own parameter or create a parameter named jenkins
in MyFirstProject
.
You can use these CLI commands to set the variables used in this example:
From the pipeline click Build with Parameters
and select CloudTruth API Key
then click Build.
From the build page view the Console Output. The parameter value pipeline
is successfully set and echoed in our pipeline stage!
From the Plugin Manager search for Mask Passwords. Select the plugin and Install with a restart of Jenkins.
We can now use the MaskPasswordsBuildWrapper
and withEnv
to wrap the CloudTruth secret returned from our CLI call.
The following groovy is an example pipeline script that sets a masked environment variable using the plugin wrapper.
As a result when viewing the console output the secret is masked in the echo. It is also masked when viewing an export of the current environment variables for the step.
With this technique the secrets are also masked in Blue Ocean build details.
Navigate to to login and customize Jenkins with a username of admin
and the password you obtained from the previous step. You can Install Suggested plugins from this screen to complete setup and skip the rest of the configuration.
Adding a for the CloudTruth API key allows a Jenkins pipeline to securely access parameters and secrets stored in CloudTruth.
Fill in the Secret field with a as a Jenkins Global Credential. Add a description which is used to reference the key in the pipeline then click OK.
Select This project is parameterized
and add a .
Select Default value as the we created as the value for CLOUDTRUTH_API_KEY
and mark the parameter as required.
This groovy script sets the CLOUDTRUTH_API_KEY
using the Jenkins value we specified as a pipeline parameter. It then populates an environment variable CLOUDTRUTH_PARAMETER
with a sh script that calls the CLI. This allows variables to be used in downstream stages.
Jenkins will automatically mask built in like the CloudTruth API key. When using external secret stores we will call the plugin.
The pipeline is built with the CloudTruth API key as described in . We set a variable from a CloudTruth parameter called secret
.