Chris Kilding
unread,Oct 13, 2020, 10:04:57 AM10/13/20Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to jenkin...@googlegroups.com
Hello,
I've had some users express interest in being able to namespace their credentials, so that they can reuse credential IDs in different namespaces. The motivation is to make it simpler to reference the same credential (e.g. an Artifactory deploy key) across environments (e.g. staging, production) where that credential's value is different per environment.
This can obviously be done today by prefixing the credential with the environment name, but they would like a more elegant solution.
Example:
- The backing store secret with ID "staging/foo" becomes a credential with ID "foo" in the namespace "staging"
- The backing store secret with ID "production/foo" becomes a credential with ID "foo" in the namespace "production"
- The backing store secret with ID "foo" becomes a credential with ID "foo" in the default namespace
Does Jenkins provide a way to namespace credentials, so that a credential ID need only be unique within its namespace, rather than within the whole provider or globally?
Regards,
Chris
PS We have looked at credential domains, which do some of what the users want. But unfortunately they don't seem to support full namespacing: if a credential is within a domain, it's still visible in the provider's overall list, so its ID must still be unique within the whole provider. This means the example above can't work, and prefixes would still be necessary.
PS We have also looked at the folders credential provider, but namespaces are not necessarily aligned 1:1 with folders or access control: we may want credentials in a certain namespace to be used by jobs in more than 1 folder (or no folder).