Updated our plugin to store the api key as a Secret, and to use a logging function that prepends logging messages with some context.
The decision was made to go with storing the api key as a Secret for a couple of reasons. 1) Using full credentials is an unnecessary step, as this isn't truly a username/password set. 2) The api key provides write only, and so would not compromise further secrets if spilled. 3) The api key is revokable. Please let me know if you have any further questions. On Tuesday, August 25, 2015 at 6:14:25 PM UTC-4, Kanstantsin Shautsou wrote: > > Better look on any existing plugin, you need > 1) add credentials into plugin dependency > 2) add in jelly/groovy page credentials form, then refer it as > <c:credentials>… > 3) add in descriptor magic doFill* method > 4) store credentialsID instead direct apiKey > 5) whenever you need real apiKey resolve credentialsId into real password > and use it > 6) don’t expose in jenkins API credentials for not auth people (have no > examples). > > On Aug 26, 2015, at 01:07, John Zeller <[email protected] <javascript:>> > wrote: > > Thanks for the feedback! I agree, using credentials is better. I looked > around to find a good way to grab the credentials list, and I am having a > bit of trouble. > > Do you know of a good example of allowing the user to choose a credential > from the `Manage Jenkins -> Configure System` screen, and then retrieving > that chosen credential again? > > On Monday, August 24, 2015 at 6:05:10 PM UTC-4, Kanstantsin Shautsou wrote: >> >> At first look >> https://github.com/DataDog/jenkins-datadog-plugin/blob/master/src/main/java/org/datadog/jenkins/plugins/datadogbuildreporter/DatadogBuildListener.java#L428 >> >> : >> - private String apiKey; -> use credentials >> - stream handling probably requires tries >> - listener.getLogger().println("Started build!"); -> printing messages >> with unknown source place is a headache for debug, put some prefix >> ... >> > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Jenkins Developers" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/jenkinsci-dev/GXkpWaPm-wE/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected] <javascript:>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/e27747a4-05d6-4612-992e-6df6c66400d4%40googlegroups.com > > <https://groups.google.com/d/msgid/jenkinsci-dev/e27747a4-05d6-4612-992e-6df6c66400d4%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/a0307cc6-035c-4abc-8005-5e20106d494b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
