[JIRA] (JENKINS-60401) Consider merging secret-ssm into aws-secrets-manager


josephp90@gmail.com (JIRA)

Dec 9, 2019, 7:16:03 AM
to jenkinsc...@googlegroups.com
Joseph Petersen created an issue
 
Jenkins / Task JENKINS-60401
Consider merging secret-ssm into aws-secrets-manager
Issue Type: Task
Assignee: Chris Kilding
Components: aws-secrets-manager-credentials-provider-plugin, configuration-as-code-secret-ssm-plugin
Created: 2019-12-09 12:15
Priority: Minor
Reporter: Joseph Petersen

Hi guys

Perhaps consider merging the two plugins, as they seem to try to solve the same problem from different angles, and you will probably have a conflict about dependencies if installing both plugins.

Chris Kilding
Patrik Boström

 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)

chris+jenkins@chriskilding.com (JIRA)

Dec 9, 2019, 8:52:02 AM
to jenkinsc...@googlegroups.com
Chris Kilding commented on Task JENKINS-60401
 
Re: Consider merging secret-ssm into aws-secrets-manager

My coworker had an interesting take on this. He suggested that when he's writing a CasC YAML file and needs to specify a secret key for something, he would like the ability to reference a Jenkins credential's ID in the value slot, with some kind of interpolation syntax.

The high level result would be that any credential, from any provider, could be used to fill in the secret value for that CasC entry.

josephp90@gmail.com (JIRA)

Dec 9, 2019, 9:25:02 AM
to jenkinsc...@googlegroups.com

Chris Kilding, while your coworker's idea is great, there will be a problem between configuring said provider and at the same time using that provider to reveal secrets.

However, this should be possible to solve by always configuring the credentials provider first and then having a secret resolver use the credentials provider.

chris+jenkins@chriskilding.com (JIRA)

Dec 12, 2019, 6:49:02 AM
to jenkinsc...@googlegroups.com

Hi Joseph, would this involve some logic specific to CasC so it knows to always read the credential provider config before doing secret resolution? Or could all of that be done in the (proposed) new secrets resolver?

chris+jenkins@chriskilding.com (JIRA)

Feb 18, 2020, 5:51:04 AM
to jenkinsc...@googlegroups.com
Chris Kilding updated an issue
 
Change By: Chris Kilding
Comment:
Hi Joseph, would this involve some logic specific to CasC so it knows to always read the credential provider config before doing secret resolution? Or could all of that be done in the (proposed) new secrets resolver?

chris+jenkins@chriskilding.com (JIRA)

Feb 18, 2020, 6:00:02 AM
to jenkinsc...@googlegroups.com
 
Re: Consider merging secret-ssm into aws-secrets-manager

Since Secrets Manager is a distinct service from Parameter Store, they should probably continue to be handled by different plugins.

However, it could make sense to add a Secrets Manager SecretSource implementation to this plugin, so that CasC can populate all secrets from Secrets Manager - not just the ones that can be referenced through the CredentialsProvider API. (I'm thinking of the bootstrapping secrets that CasC can't get from a CredentialsProvider.) This would be the counterpart of the Parameter Store SecretSource implementation in the ssm plugin.

Thoughts?

chris+jenkins@chriskilding.com (JIRA)

Mar 2, 2020, 7:13:03 AM
to jenkinsc...@googlegroups.com

I have written up the feature description in JENKINS-61291.


josephp90@gmail.com (JIRA)

Mar 7, 2020, 1:10:17 AM
to jenkinsc...@googlegroups.com
Joseph Petersen assigned an issue to Joseph Petersen
 
Change By: Joseph Petersen
Assignee: Chris Kilding → Joseph Petersen

josephp90@gmail.com (JIRA)

Mar 7, 2020, 1:25:05 AM
to jenkinsc...@googlegroups.com
Joseph Petersen assigned an issue to Chris Kilding
Change By: Joseph Petersen
Assignee: Joseph Petersen → Chris Kilding