Amazon S3 Bucket Credentials

Version: 0.2.2
Minimum Jenkins requirement: 1.596.1
ID: aws-bucket-credentials

Plugin Information

Plugin ID: aws-bucket-credentials

Latest Release: 0.2.2 (archives)
Latest Release Date: Oct 10, 2017
Required Core: 1.596.1
Dependencies:
  • credentials (version: 2.1.11)
  • credentials-binding (version: 1.7)
  • aws-java-sdk (version: 1.11.68)

Source Code: GitHub
Issue Tracking: Open Issues
Pull Requests: Pull Requests
Maintainer(s): Stephen Galbraith (id: stevegal)

Usage

Installations:

  • 2017-Feb: 31
  • 2017-Mar: 159
  • 2017-Apr: 227
  • 2017-May: 309
  • 2017-Jun: 371
  • 2017-Jul: 431
  • 2017-Aug: 508
  • 2017-Sep: 539

Allows the retrieval of KMS-encrypted credentials from an S3 bucket using Amazon Web Services.

Allows you to store a secret in S3, either encrypted with KMS or retrieved with a straight get from the bucket (you should use SSE in this case).

History 

Version 0.2.2

  • KMS encryption is now optional, but remains the preferred choice. To skip KMS encryption, check the checkbox to use a raw get from S3. Use this only if you know you have encrypted the secret in the bucket using SSE.

Once installed, navigate to the credentials section and add a new AWS-Bucket-Credentials. You'll see the screen below. Bindings are also available for using the credentials in pipelines.

You can use the bindings in the pipeline in the normal way, e.g.:

pipeline {
  // declarative pipelines require an agent section
  agent any
  stages {
    stage("cmd") {
      steps {
         withCredentials([usernamePassword(credentialsId: 'id-2', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
           // available as an env variable, but will be masked if you try to print it out any which way
           // single quotes: the shell, not Groovy, expands the secret
           sh 'echo $PASSWORD'
           // also available as a Groovy variable (note the double quotes for string interpolation)
           echo "$USERNAME"
         }
      }
    }
  }
}
Known Issues:
  • Does not currently work on Jenkins slaves unless the slave has full access to master. This is because the bucket secret is obtained as late as possible.
    • If you want the slave to have access to the secret at runtime, you must explicitly allow the slave unrestricted access to master. Only do this with due diligence as specified in the caveats surrounding slaves. You must fully trust the slave before relaxing the security measures.
  • There is an issue with the UI not displaying correctly if you are getting your secret straight from S3 without using KMS and you choose to view the credential with the update functionality. It does not show that you are avoiding KMS, but shows as if you are using KMS. Functionality is not affected, but if you click save, ensure you re-check the option to avoid KMS.

Version 0.2.1

  • do not use

Version 0.2.0

  • KMS encryption is now optional. If you leave the KMS secret name null, then you'll get the result straight from the S3 bucket. This is useful for server-side encryption on the S3 bucket side.

Version 0.1.1

  • Fixes NPE when Jenkins used a credential set before a restart caused by serialization

Version 0.1 

  • Initial working upload

Setup

Simply define the username for these credentials. Then, to obtain the password:

  1. Define the Region ("eu-west-1" style casing)

Define how to use S3:

  1. the bucket name
  2. the object id
  3. whether you need to use a proxy to connect to the S3 bucket

Then the KMS details:

  1. the KMS secret name
  2. the (optional) extra details Name/Value pair - this has to match what was used to encrypt the password originally
  3. whether you need to use a proxy to connect to KMS

Finally, there is a section on the proxy setup (only important if you need to use a proxy in either of the steps above):

  1. Proxy host
  2. Proxy port

The password will now be obtained when "getPassword" is called.

These credentials can be used anywhere username/password credentials are allowed in a plugin.

Credential binding is also provided using the class AwsBucketCredentialsBinding. The username can be linked to the "usernameVariable" and the password can be linked to the "passwordVariable".
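
The raw S3 get option above is only appropriate when you know the secret is stored with SSE. The following added example (not part of the plugin or its documentation) checks, in Python, that a bucket policy rejects uploads sent without an SSE header and that a stored object's HeadObject response reports SSE. The bucket name, account id and key ARN are constructed placeholders, and the response dict is assumed to have the shape boto3's head_object returns.

```python
import fnmatch
import json

SSE_HEADER = "s3:x-amz-server-side-encryption"  # S3 condition key for the SSE request header

def _as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def policy_denies_unencrypted_puts(policy_json):
    """True if a Deny statement rejects s3:PutObject requests that carry no SSE header."""
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        # Action names are case-insensitive and may use wildcards (s3:*, s3:Put*).
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(fnmatch.fnmatchcase("s3:putobject", a) for a in actions):
            continue
        cond = stmt.get("Condition", {})
        null = {k.lower(): str(v).lower() for k, v in cond.get("Null", {}).items()}
        not_eq = {k.lower() for k in cond.get("StringNotEquals", {})}
        # Null:"true" matches a missing header; StringNotEquals also matches when it is absent.
        if null.get(SSE_HEADER) == "true" or SSE_HEADER in not_eq:
            return True
    return False

def object_sse_findings(head, expected_kms_key=None):
    """Problems with one stored secret, given a HeadObject response dict (boto3 shape)."""
    findings = []
    sse = head.get("ServerSideEncryption")
    if sse is None:
        findings.append("object is not server-side encrypted")
    elif sse == "aws:kms" and expected_kms_key and head.get("SSEKMSKeyId") != expected_kms_key:
        findings.append("object is encrypted under an unexpected KMS key")
    return findings

# Constructed sample inputs (placeholder bucket, account and key names).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Deny", "Principal": "*", "Action": "s3:Put*",
    "Resource": "arn:aws:s3:::example-jenkins-secrets/*",
    "Condition": {"Null": {SSE_HEADER: "true"}}}})
SAMPLE_HEAD = {"ServerSideEncryption": "aws:kms",
               "SSEKMSKeyId": "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE"}

if __name__ == "__main__":
    print(policy_denies_unencrypted_puts(SAMPLE_POLICY), object_sse_findings(SAMPLE_HEAD))
```

The policy check is a heuristic: it does not evaluate how Principal or Resource scope the Deny statement, so review those fields by hand.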
