Yes that shoud work. Although I think for a user it would be easier to have a cli command or api method to populate the env variable in Jenkins. Since in systems which are not isolated, storing a credentials in plain text can involve risk.
Here is a small example from Travis, Travis has CLI tool, that logs into your travis instance. Let's say there is a file with my personal access token with the name `.gitlab_token` If I run travis `travis encrypt-file .gitlab_token`, this generates an encoded file `.gitlab_token.enc` and pushes the necessary env variables to travis repository required to decrypt my file. This file can be decrypted in the build step by adding: openssl aes-256-cbc -K $encrypted_0a6446eb3ae3_key -iv $encrypted_0a6446eb3ae3_iv -in .gitlab_token.enc -out .gitlab_token -d For encrypting env variables, it uses RSA key pair. The docs <https://docs.travis-ci.com/user/encryption-keys/> can explain this better. This more close to Jenkins pipeline but I think we can do a similar thing in JCasC so that we do not have to depend on docker secrets or azure secrets or any external party support. On Tue, Jun 11, 2019 at 3:37 PM Tim Jacomb <[email protected]> wrote: > What I do for this is set the SECRETS environment variably and point it to > a directory on the file system which had the secrets in it. > Basically pretending I’m using docker secrets > > Thanks > Tim > > On Tue, 11 Jun 2019 at 10:27, Parichay Barpanda < > [email protected]> wrote: > >> Thanks Gaven. Groovy is cool but we are using JCasC yaml to create >> credentials. I want to populate an environment variable and use it in my >> config.yaml. I want to know if there is a way to do it without using docker >> secrets. For example, when running Jenkins instance inside a VM or using >> jenkins.war file on local machine. Is there a way to do it in these cases >> (without going through UI)? >> >> The config file looks like this: >> >>> credentials: >>> system: >>> domainCredentials: >>> - credentials: >>> - gitlabPersonalAccessToken: >>> scope: SYSTEM >>> id: "i<3GitLab" >>> token: ${GITLAB_PERSONAL_ACCESS_TOKEN} >>> >>> >> >> On Tue, Jun 11, 2019 at 10:04 AM Gavin Mogan <[email protected]> >> wrote: >> >>> You can unsafely access the script console - >>> https://wiki.jenkins.io/display/JENKINS/Jenkins+Script+Console >>> >>> then you can create credentials using groovy, example - >>> https://github.com/halkeye-docker/docker-jenkins/blob/22ba8c4408b3a16188dc9fe967293849e8f12468/groovy/0012-add-tokens.groovy#L50-L57 >>> >>> On Mon, Jun 10, 2019 at 8:12 PM Parichay Barpanda < >>> [email protected]> wrote: >>> >>>> For example, >>>> >>>> To delete a job, you can make a POST request to Jenkins server as: >>>> >>>> curl -X POST http://localhost:8080/job/my-job-name/doDelete --user >>>> jenkins:f1499cc9852c899d327a1f644e61a64d >>>> >>>> where, >>>> *username*: jenkins >>>> *api token*: f1499cc9852c899d327a1f644e61a64d >>>> >>>> On Tuesday, June 11, 2019 at 8:24:32 AM UTC+5:30, Parichay Barpanda >>>> wrote: >>>>> >>>>> Hi all, >>>>> >>>>> I am trying to figure out a way to add an environment variable to >>>>> Jenkins without using the UI. Is there a way to do it via API? The >>>>> intention is to let user add credentials to Jenkins without using UI. >>>>> Please let me know if you have a solution to this. >>>>> >>>>> Thanks. >>>>> >>>>> Regards, >>>>> Parichay (baymac) >>>>> >>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Jenkins Developers" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/jenkinsci-dev/abc16929-b9e6-4e38-86c9-af7233f2451e%40googlegroups.com >>>> <https://groups.google.com/d/msgid/jenkinsci-dev/abc16929-b9e6-4e38-86c9-af7233f2451e%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Jenkins Developers" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/jenkinsci-dev/CAAgr96%2B2deU7v64sgJruQ02X0S34D31FYtEFN9ak57zN4Uo2PA%40mail.gmail.com >>> <https://groups.google.com/d/msgid/jenkinsci-dev/CAAgr96%2B2deU7v64sgJruQ02X0S34D31FYtEFN9ak57zN4Uo2PA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-dev/CAD0DWANNZbsP%3D-jJ58Va-4t3a%3Dko5A2nWseXA46SXk23WT9%2BHQ%40mail.gmail.com >> <https://groups.google.com/d/msgid/jenkinsci-dev/CAD0DWANNZbsP%3D-jJ58Va-4t3a%3Dko5A2nWseXA46SXk23WT9%2BHQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3Bif6ui7k%3D5%3DdakfMw%2BO1bLU3Lyk3pfLX%3DFjNGL8OL4N4OQ%40mail.gmail.com > <https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3Bif6ui7k%3D5%3DdakfMw%2BO1bLU3Lyk3pfLX%3DFjNGL8OL4N4OQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAD0DWAMmOiWu6m9KxYpN%2Bzjk4g8exqOoKi3Yxd7904ET3NZ4Yw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
