One weird thing is that the settings get lost after Jenkins restart. Any
idea what's going on?
package org.jenkinsci.plugins.osfbuildersuite.githubcheckruns.webhook;
import hudson.Extension;
import hudson.util.Secret;
import jenkins.model.GlobalConfiguration;
import org.kohsuke.stapler.DataBoundSetter;
@Extension
public class GitHubCheckRunConfiguration extends GlobalConfiguration {
private Secret webhookSecret;
public static GitHubCheckRunConfiguration get() {
return GlobalConfiguration.all().get(GitHubCheckRunConfiguration.class);
}
@SuppressWarnings("unused")
public GitHubCheckRunConfiguration() {
load();
}
@SuppressWarnings("unused")
public Secret getWebhookSecret() {
return webhookSecret;
}
@SuppressWarnings("unused")
@DataBoundSetter
public void setWebhookSecret(Secret webhookSecret) {
this.webhookSecret = webhookSecret;
}
}
On Thursday, April 4, 2019 at 4:49:29 PM UTC+3, Daniel Anechitoaie wrote:
>
> Perfect. The global-configuration archetype example was super helpful. I
> got it working. Thank you.
> Yes, using a secret makes sense more than whole credentials here.
>
>
> On Thursday, April 4, 2019 at 3:47:07 PM UTC+3, Jesse Glick wrote:
>>
>> On Thu, Apr 4, 2019 at 6:52 AM Daniel Beck <[email protected]> wrote:
>> > Create a GlobalConfiguration
>>
>> Easiest to start with
>>
>> https://github.com/jenkinsci/archetypes#usage
>>
>> even if you throw away the toy plugin afterwards.
>>
>>
>> I am not sure what kind of “credentials” you are referring to here. To
>> validate a token you would I guess want Jenkins to store some sort of
>> public key, or simply a token hash (you could use
>> `org.mindrot.jbcrypt.BCrypt`). If you do want to protect a public
>> key/hash a bit more, save it as a `Secret` rather than a `String`.
>>
>> When we talk about “credentials” we usually refer specifically to
>>
>>
>> https://github.com/jenkinsci/credentials-plugin/blob/master/docs/README.adoc
>>
>> which should not be necessary if Jenkins itself is not retaining
>> anything especially secret. An `IdCredentials.id` would imply that you
>> expect a secret value to potentially be used in multiple places or
>> even loaded from Vault or a Kubernetes `Secret`, which seems unlikely
>> in this case.
>>
>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-dev/c2669549-b0fe-45a0-a4d9-27d924214216%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
