Best practices for integration of credentials in a plugin

[jcsirot]

Hello,

I am working on the integration of the ansible vault feature (i.e. password protected configuration files) in the ansible plugin. I want to give the possibility to select the password from the credential plugin dropdown box. So I see 3 possibilities to do that :

1. Use the SSHUserPassword from the SSH Credential plugin. The username is then ignored. It works but I find this solution ugly.

2. Depend on a plugin which provides a password-only credential provider. For instance the Plain Credential plugin. But I think this provides a poor user experience.

3. Implement a dedicated credential provider in the Ansible plugin. This is probably the best solution regarding the user experience but it duplicates some code.

Is there any solution I missed or is there some good practices to follow here.

Thanks in advance for your feedback.

[Adrien Lecharpentier]

Jean-Christophe,

I would say using the Plain Credential Plugin if you only need a "secured" field for the vault. What is the issue with it? Maybe it is possible to improvement it?

Best regards.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/524089f5-4005-4720-af20-9c7b0580e61f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[jcsirot]

Hi Adrien,

Well, there is no real issue with the Plain Credential Plugin but I find that the label "secret text" used by this plugin when creating a new credential entry is a little bit vague. Using a simple password field would also work but I prefer using a credential item in order to avoid password in plain text when the ansible plugin is used within a workflow job.

[Adrien Lecharpentier]

Jean-Christophe,

so I would say use the Plain Credential plugin. A plain text password is *never* the answer. 

I agree that the field name can be vague, but we can discuss about it with Jesse or create a quick PR.

-- Adrien

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/023fe378-f4fb-4e8c-b70a-f6870b971b10%40googlegroups.com.

[Stephen Connolly]

IMHO you should be looking by *interface* i.e. you want any credential that implements both PasswordCredentials and StandardCredentials. 

You should not be looking for a specific implementation type.

If you look for a concrete implementation class then you prevent somebody implementing an external credential store that returns a different implementation type

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAKwJSvydr3-W2fWuNu%2BPGmMVfO6TvTkBWeruuE09MzBTG7PsTQ%40mail.gmail.com.

[Jesse Glick]

I think you can look for `UsernamePasswordCredentials` or `StringCredentials`.