On Tuesday, September 25, 2018 at 9:38:10 PM UTC+1, Damien Coraboeuf wrote: > > Hi Nicolas, > > Thanks for your feedback. > > In our case, we're using CasC to maintain and push known and tested > versions of a Jenkins master into a production environment, but we wanted > to still accept some degree of freedom, esp. when it comes to credential > management. > > An alternative is to use an external mgt system like Vault (I think it's > possible to use Vault as a backend for Jenkins credentials but this remains > to be tested). > > If you are running on (or can configure jenkins to access to a k8s cluster) you can store the credentials as k8s secrets. https://jenkinsci.github.io/kubernetes-credentials-provider-plugin/
> Or I could drop the CasC file for the credentials, and do it using Groovy > init.d files, as I did in the (bad) old times :) > > Best regards, > Damien Coraboeuf > > On Tue, Sep 25, 2018 at 10:28 PM nicolas de loof <[email protected] > <javascript:>> wrote: > >> A feature we'd like to investigate for JCasC is to make the web UI >> read-only once configured from yaml >> The specific sample of credentials could be adapted to support "preserve >> existing entries" but we have no way to support this in a generic way >> Also, JCasC is designed to support re-creating an equivalent jenkins >> master from scratch, so from this point of view this would make no sense. >> >> Le mar. 25 sept. 2018 à 22:07, <[email protected] <javascript:>> >> a écrit : >> >>> But many things are otherwise preserved. I feel the implementation of >>> the credentials configuration is doing a none vs. all approach, not taking >>> into account existing entries: >>> >>> In SystemCredentialsProviderConfigurator: >>> >>> target.setDomainCredentialsMap(DomainCredentials.asMap(value)) >>> >>> >>> Maybe this code could be replaced to preserve existing entries. >>> >>> >>> On Tuesday, September 25, 2018 at 10:03:00 PM UTC+2, >>> [email protected] wrote: >>>> >>>> I've created the PR at >>>> https://github.com/jenkinsci/configuration-as-code-plugin/pull/556 to >>>> show an unit test reproducing the issue. >>>> >>>> On Tuesday, September 25, 2018 at 9:04:31 PM UTC+2, >>>> [email protected] wrote: >>>>> >>>>> Hi, >>>>> >>>>> We're using Jenkins 2.121.3 and CasC 1.0. One thing we define as code >>>>> is a list of credentials (some SSH keys, some user/passwords, etc.) >>>>> common >>>>> to all our instances but we let also the administrators of a Jenkins >>>>> instance define their own credential entries. >>>>> >>>>> However, when the Jenkins instance is restarted, only the credential >>>>> entries defined by the CasC files are kept, and all the ones which were >>>>> added manually are lost. >>>>> >>>>> Is there a way to prevent this? >>>>> >>>>> Thanks, >>>>> Damien Coraboeuf >>>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Jenkins Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected] <javascript:>. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/jenkinsci-users/fb5e1d2b-4df3-4950-902d-5f18490b2ea5%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/jenkinsci-users/fb5e1d2b-4df3-4950-902d-5f18490b2ea5%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> -- >> Nicolas De Loof >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-users/CANMVJzn_LpJBVQbjHKGLmF51oAsyWW7E%2BNxng9sB-KCHKtb%2BWQ%40mail.gmail.com >> >> <https://groups.google.com/d/msgid/jenkinsci-users/CANMVJzn_LpJBVQbjHKGLmF51oAsyWW7E%2BNxng9sB-KCHKtb%2BWQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/1f8ca36e-7111-41a3-b128-3658860d9ff0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
