add vaultSecretFileReferences (#2203)

* add vaultSecretFileReferences

* fix test

* fix test

* go generate

* remove code duplication

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

cmd/abapAddonAssemblyKitCheckCVs_generated.go

@@ -93,6 +93,7 @@ It resolves the dotted version string into version, support package level and pa
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				commonPipelineEnvironment.persist(GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/abapAddonAssemblyKitCheckPV_generated.go

@@ -93,6 +93,7 @@ It resolves the dotted version string into version, support package stack level
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				commonPipelineEnvironment.persist(GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/abapAddonAssemblyKitCreateTargetVector_generated.go

@@ -93,6 +93,7 @@ The Target Vector describes the software state, which shall be reached in the ma
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				commonPipelineEnvironment.persist(GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/abapAddonAssemblyKitPublishTargetVector_generated.go

@@ -62,6 +62,7 @@ With targetVectorScope "T" the Target Vector will be published to the test envir
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/abapAddonAssemblyKitRegisterPackages_generated.go

@@ -94,6 +94,7 @@ The new status "L"ocked is written back to the addonDescriptor in the commonPipe
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				commonPipelineEnvironment.persist(GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/abapAddonAssemblyKitReleasePackages_generated.go

@@ -91,6 +91,7 @@ store. The new status "R"eleased is written back to the addonDescriptor in the c
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				commonPipelineEnvironment.persist(GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/abapAddonAssemblyKitReserveNextPackages_generated.go

@@ -96,6 +96,7 @@ The name, type and namespace of each package is written back to the addonDescrip
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				commonPipelineEnvironment.persist(GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/abapEnvironmentAssemblePackages_generated.go

@@ -98,6 +98,7 @@ Platform ABAP Environment system and saves the corresponding [SAR archive](https
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				commonPipelineEnvironment.persist(GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/abapEnvironmentCheckoutBranch_generated.go

@@ -72,6 +72,7 @@ Please provide either of the following options:
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/abapEnvironmentCloneGitRepo_generated.go

@@ -72,6 +72,7 @@ Please provide either of the following options:
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/abapEnvironmentPullGitRepo_generated.go

@@ -71,6 +71,7 @@ Please provide either of the following options:
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/abapEnvironmentRunATCCheck_generated.go

@@ -73,6 +73,7 @@ Regardless of the option you chose, please make sure to provide the configuratio
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/artifactPrepareVersion_generated.go

@@ -173,6 +173,7 @@ Define ` + "`" + `buildTool: custom` + "`" + `, ` + "`" + `filePath: <path to yo
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				commonPipelineEnvironment.persist(GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/checkmarxExecuteScan_generated.go

@@ -209,6 +209,7 @@ thresholds instead of ` + "`" + `percentage` + "`" + ` whereas we strongly recom
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				influx.persist(GeneralConfig.EnvRootPath, "influx")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/cloudFoundryCreateServiceKey_generated.go

@@ -64,6 +64,7 @@ func CloudFoundryCreateServiceKeyCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/cloudFoundryCreateService_generated.go

@@ -76,6 +76,7 @@ Please provide either of the following options:
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/cloudFoundryCreateSpace_generated.go

@@ -63,6 +63,7 @@ Mandatory:
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/cloudFoundryDeleteService_generated.go

@@ -63,6 +63,7 @@ func CloudFoundryDeleteServiceCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/cloudFoundryDeleteSpace_generated.go

@@ -63,6 +63,7 @@ Mandatory:
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/cloudFoundryDeploy_generated.go

@@ -136,6 +136,7 @@ func CloudFoundryDeployCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				influx.persist(GeneralConfig.EnvRootPath, "influx")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/containerSaveImage_generated.go

@@ -60,6 +60,7 @@ It can be used no matter if a Docker daemon is available or not. It will also wo
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/detectExecuteScan_generated.go

@@ -71,6 +71,7 @@ Please configure your BlackDuck server Url using the serverUrl parameter and the
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/fortifyExecuteScan_generated.go

@@ -170,6 +170,7 @@ DISCLAIMER: The step has not yet been tested on a wide variaty of projects, and
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				influx.persist(GeneralConfig.EnvRootPath, "influx")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/gctsCloneRepository_generated.go

@@ -61,6 +61,7 @@ func GctsCloneRepositoryCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/gctsCreateRepository_generated.go

@@ -65,6 +65,7 @@ func GctsCreateRepositoryCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/gctsDeploy_generated.go

@@ -62,6 +62,7 @@ func GctsDeployCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/gctsExecuteABAPUnitTests_generated.go

@@ -61,6 +61,7 @@ func GctsExecuteABAPUnitTestsCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/gctsRollback_generated.go

@@ -66,6 +66,7 @@ gctsRollback will rollback to the previously active commit in the local reposito
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/githubCheckBranchProtection_generated.go

@@ -65,6 +65,7 @@ It can for example be used to verify if certain status checks are mandatory. Thi
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/githubCreatePullRequest_generated.go

@@ -68,6 +68,7 @@ It can for example be used for GitOps scenarios or for scenarios where you want
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/githubPublishRelease_generated.go

@@ -79,6 +79,7 @@ The result looks like
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/githubSetCommitStatus_generated.go

@@ -73,6 +73,7 @@ It can for example be used to create additional check indicators for a pull requ
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/gitopsUpdateDeployment_generated.go

@@ -69,6 +69,7 @@ As of today, it supports the update of deployment yaml files via kubectl patch.
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/jsonApplyPatch_generated.go

@@ -58,6 +58,7 @@ This step can, e.g., be used if there is a json schema which needs to be patched
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/kanikoExecute_generated.go

@@ -98,6 +98,7 @@ func KanikoExecuteCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				commonPipelineEnvironment.persist(GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/karmaExecuteTests_generated.go

@@ -67,6 +67,7 @@ In the Docker network, the containers can be referenced by the values provided i
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/kubernetesDeploy_generated.go

@@ -95,6 +95,7 @@ helm upgrade <deploymentName> <chartPath> --install --force --namespace <namespa
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/malwareExecuteScan_generated.go

@@ -61,6 +61,7 @@ func MalwareExecuteScanCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/mavenBuild_generated.go

@@ -63,6 +63,7 @@ supports ci friendly versioning by flattening the pom before installing.`,
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/mavenExecuteIntegration_generated.go

@@ -62,6 +62,7 @@ the integration tests via the Jacoco Maven-plugin.`,
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/mavenExecuteStaticCodeChecks_generated.go

@@ -73,6 +73,7 @@ For PMD the failure priority and the max allowed violations are configurable via
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/mavenExecute_generated.go

@@ -63,6 +63,7 @@ func MavenExecuteCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/mtaBuild_generated.go

@@ -95,6 +95,7 @@ func MtaBuildCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				commonPipelineEnvironment.persist(GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/nexusUpload_generated.go

@@ -83,6 +83,7 @@ If an image for mavenExecute is configured, and npm packages are to be published
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/npmExecuteLint_generated.go

@@ -57,6 +57,7 @@ either use ESLint configurations present in the project or use the provided gene
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/npmExecuteScripts_generated.go

@@ -60,6 +60,7 @@ func NpmExecuteScriptsCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/protecodeExecuteScan_generated.go

@@ -124,6 +124,7 @@ func ProtecodeExecuteScanCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				influx.persist(GeneralConfig.EnvRootPath, "influx")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/sonarExecuteScan_generated.go

@@ -117,6 +117,7 @@ func SonarExecuteScanCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				influx.persist(GeneralConfig.EnvRootPath, "influx")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

cmd/whitesourceExecuteScan_generated.go

@@ -107,6 +107,7 @@ check and additional Free and Open Source Software Publicly Known Vulnerabilitie
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()
 				telemetry.Send(&telemetryData)

cmd/xsDeploy_generated.go

@@ -98,6 +98,7 @@ func XsDeployCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				commonPipelineEnvironment.persist(GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())
 				telemetryData.ErrorCategory = log.GetErrorCategory().String()

pkg/config/config.go

@@ -234,7 +234,7 @@ func (c *Config) GetStepConfig(flagValues map[string]interface{}, paramJSON stri
 		return StepConfig{}, err
 	}
 	if vaultClient != nil {
-		addVaultCredentials(&stepConfig, vaultClient, parameters)
+		resolveAllVaultReferences(&stepConfig, vaultClient, parameters)
 	}
 
 	// finally do the condition evaluation post processing

pkg/config/vault.go

@@ -1,21 +1,29 @@
 package config
 
 import (
+	"io/ioutil"
+	"os"
+
 	"github.com/SAP/jenkins-library/pkg/config/interpolation"
 	"github.com/SAP/jenkins-library/pkg/log"
 	"github.com/SAP/jenkins-library/pkg/vault"
 	"github.com/hashicorp/vault/api"
 )
 
-var vaultFilter = []string{
+var (
-	"vaultAppRoleID",
+	vaultFilter = []string{
-	"vaultAppRoleSecreId",
+		"vaultAppRoleID",
-	"vaultServerUrl",
+		"vaultAppRoleSecreId",
-	"vaultNamespace",
+		"vaultServerUrl",
-	"vaultBasePath",
+		"vaultNamespace",
-	"vaultPipelineName",
+		"vaultBasePath",
-	"vaultPath",
+		"vaultPipelineName",
-}
+		"vaultPath",
+	}
+
+	// VaultSecretFileDirectory holds the directory for the current step run to temporarily store secret files fetched from vault
+	VaultSecretFileDirectory = ""
+)
 
 // VaultCredentials hold all the auth information needed to fetch configuration from vault
 type VaultCredentials struct {
@@ -51,37 +59,79 @@ func getVaultClientFromConfig(config StepConfig, creds VaultCredentials) (vaultC
 	return &client, nil
 }
 
-func addVaultCredentials(config *StepConfig, client vaultClient, params []StepParameters) {
+func resolveAllVaultReferences(config *StepConfig, client vaultClient, params []StepParameters) {
 	for _, param := range params {
 		// we don't overwrite secrets that have already been set in any way
 		if _, ok := config.Config[param.Name].(string); ok {
 			continue
 		}
-		ref := param.GetReference("vaultSecret")
+		if ref := param.GetReference("vaultSecret"); ref != nil {
-		if ref == nil {
+			resolveVaultReference(ref, config, client, param)
-			continue
 		}
-		var secretValue *string
+		if ref := param.GetReference("vaultSecretFile"); ref != nil {
-		for _, vaultPath := range ref.Paths {
+			resolveVaultReference(ref, config, client, param)
-			// it should be possible to configure the root path were the secret is stored
-			vaultPath, ok := interpolation.ResolveString(vaultPath, config.Config)
-			if !ok {
-				continue
-			}
-
-			secretValue = lookupPath(client, vaultPath, &param)
-			if secretValue != nil {
-				config.Config[param.Name] = *secretValue
-				log.Entry().Infof("Resolved param '%s' with vault path '%s'", param.Name, vaultPath)
-				break
-			}
-		}
-		if secretValue == nil {
-			log.Entry().Warnf("Could not resolve param '%s' from vault", param.Name)
 		}
 	}
 }
 
+func resolveVaultReference(ref *ResourceReference, config *StepConfig, client vaultClient, param StepParameters) {
+	var secretValue *string
+	for _, vaultPath := range ref.Paths {
+		// it should be possible to configure the root path were the secret is stored
+		vaultPath, ok := interpolation.ResolveString(vaultPath, config.Config)
+		if !ok {
+			continue
+		}
+
+		secretValue = lookupPath(client, vaultPath, &param)
+		if secretValue != nil {
+			log.Entry().Infof("Resolved param '%s' with vault path '%s'", param.Name, vaultPath)
+			if ref.Type == "vaultSecret" {
+				config.Config[param.Name] = *secretValue
+			} else if ref.Type == "vaultSecretFile" {
+				filePath, err := createTemporarySecretFile(param.Name, *secretValue)
+				if err != nil {
+					log.Entry().WithError(err).Warnf("Couldn't create temporary secret file for '%s'", param.Name)
+					return
+				}
+				config.Config[param.Name] = filePath
+			}
+			break
+		}
+	}
+	if secretValue == nil {
+		log.Entry().Warnf("Could not resolve param '%s' from vault", param.Name)
+	}
+}
+
+// RemoveVaultSecretFiles removes all secret files that have been created during execution
+func RemoveVaultSecretFiles() {
+	if VaultSecretFileDirectory != "" {
+		os.RemoveAll(VaultSecretFileDirectory)
+	}
+}
+
+func createTemporarySecretFile(namePattern string, content string) (string, error) {
+	if VaultSecretFileDirectory == "" {
+		var err error
+		VaultSecretFileDirectory, err = ioutil.TempDir("", "vault")
+		if err != nil {
+			return "", err
+		}
+	}
+
+	file, err := ioutil.TempFile(VaultSecretFileDirectory, namePattern)
+	if err != nil {
+		return "", err
+	}
+	defer file.Close()
+	_, err = file.WriteString(content)
+	if err != nil {
+		return "", err
+	}
+	return file.Name(), nil
+}
+
 func lookupPath(client vaultClient, path string, param *StepParameters) *string {
 	log.Entry().Infof("Trying to resolve vault parameter '%s' at '%s'", param.Name, path)
 	secret, err := client.GetKvSecret(path)

pkg/config/vault_test.go

@@ -2,6 +2,8 @@ package config
 
 import (
 	"fmt"
+	"io/ioutil"
+	"os"
 	"testing"
 
 	"github.com/stretchr/testify/mock"
@@ -22,7 +24,7 @@ func TestVaultConfigLoad(t *testing.T) {
 		vaultData := map[string]string{secretName: "value1"}
 
 		vaultMock.On("GetKvSecret", "team1/pipelineA").Return(vaultData, nil)
-		addVaultCredentials(&stepConfig, vaultMock, stepParams)
+		resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
 		assert.Equal(t, "value1", stepConfig.Config[secretName])
 	})
 
@@ -35,7 +37,7 @@ func TestVaultConfigLoad(t *testing.T) {
 		stepParams := []StepParameters{stepParam(secretName, "vaultSecret", "$(vaultBasePath)/pipelineA")}
 		vaultData := map[string]string{secretName: "value1"}
 		vaultMock.On("GetKvSecret", "team1/pipelineA").Return(vaultData, nil)
-		addVaultCredentials(&stepConfig, vaultMock, stepParams)
+		resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
 
 		assert.Equal(t, "preset value", stepConfig.Config[secretName])
 	})
@@ -47,7 +49,7 @@ func TestVaultConfigLoad(t *testing.T) {
 		}}
 		stepParams := []StepParameters{stepParam(secretName, "vaultSecret", "$(vaultBasePath)/pipelineA")}
 		vaultMock.On("GetKvSecret", "team1/pipelineA").Return(nil, fmt.Errorf("test"))
-		addVaultCredentials(&stepConfig, vaultMock, stepParams)
+		resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
 		assert.Len(t, stepConfig.Config, 1)
 	})
 
@@ -58,7 +60,7 @@ func TestVaultConfigLoad(t *testing.T) {
 		}}
 		stepParams := []StepParameters{stepParam(secretName, "vaultSecret", "$(vaultBasePath)/pipelineA")}
 		vaultMock.On("GetKvSecret", "team1/pipelineA").Return(nil, nil)
-		addVaultCredentials(&stepConfig, vaultMock, stepParams)
+		resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
 		assert.Len(t, stepConfig.Config, 1)
 	})
 
@@ -73,7 +75,7 @@ func TestVaultConfigLoad(t *testing.T) {
 		vaultData := map[string]string{secretName: "value1"}
 		vaultMock.On("GetKvSecret", "team1/pipelineA").Return(nil, nil)
 		vaultMock.On("GetKvSecret", "team1/pipelineB").Return(vaultData, nil)
-		addVaultCredentials(&stepConfig, vaultMock, stepParams)
+		resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
 		assert.Equal(t, "value1", stepConfig.Config[secretName])
 	})
 
@@ -87,7 +89,7 @@ func TestVaultConfigLoad(t *testing.T) {
 		}
 		vaultData := map[string]string{secretName: "value1"}
 		vaultMock.On("GetKvSecret", "team1/pipelineA").Return(vaultData, nil)
-		addVaultCredentials(&stepConfig, vaultMock, stepParams)
+		resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
 		assert.Equal(t, "value1", stepConfig.Config[secretName])
 		vaultMock.AssertNotCalled(t, "GetKvSecret", "team1/pipelineB")
 	})
@@ -96,12 +98,54 @@ func TestVaultConfigLoad(t *testing.T) {
 		vaultMock := &mocks.VaultMock{}
 		stepConfig := StepConfig{Config: map[string]interface{}{}}
 		stepParams := []StepParameters{stepParam(secretName, "vaultSecret", "$(vaultBasePath)/pipelineA")}
-		addVaultCredentials(&stepConfig, vaultMock, stepParams)
+		resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
 		assert.Equal(t, nil, stepConfig.Config[secretName])
 		vaultMock.AssertNotCalled(t, "GetKvSecret", mock.AnythingOfType("string"))
 	})
 }
 
+func TestVaultSecretFiles(t *testing.T) {
+	const secretName = "testSecret"
+	t.Run("Test Vault Secret File Reference", func(t *testing.T) {
+		vaultMock := &mocks.VaultMock{}
+		stepConfig := StepConfig{Config: map[string]interface{}{
+			"vaultPath": "team1",
+		}}
+		stepParams := []StepParameters{stepParam(secretName, "vaultSecretFile", "$(vaultPath)/pipelineA")}
+		vaultData := map[string]string{secretName: "value1"}
+		vaultMock.On("GetKvSecret", "team1/pipelineA").Return(vaultData, nil)
+		resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
+		assert.NotNil(t, stepConfig.Config[secretName])
+		path := stepConfig.Config[secretName].(string)
+		contentByte, err := ioutil.ReadFile(path)
+		assert.NoError(t, err)
+		content := string(contentByte)
+		assert.Equal(t, content, "value1")
+	})
+
+	os.RemoveAll(VaultSecretFileDirectory)
+	VaultSecretFileDirectory = ""
+
+	t.Run("Test temporary secret file cleanup", func(t *testing.T) {
+		vaultMock := &mocks.VaultMock{}
+		stepConfig := StepConfig{Config: map[string]interface{}{
+			"vaultPath": "team1",
+		}}
+		stepParams := []StepParameters{stepParam(secretName, "vaultSecretFile", "$(vaultPath)/pipelineA")}
+		vaultData := map[string]string{secretName: "value1"}
+		assert.NoDirExists(t, VaultSecretFileDirectory)
+		vaultMock.On("GetKvSecret", "team1/pipelineA").Return(vaultData, nil)
+		resolveAllVaultReferences(&stepConfig, vaultMock, stepParams)
+		assert.NotNil(t, stepConfig.Config[secretName])
+		path := stepConfig.Config[secretName].(string)
+		assert.DirExists(t, VaultSecretFileDirectory)
+		assert.FileExists(t, path)
+		RemoveVaultSecretFiles()
+		assert.NoFileExists(t, path)
+		assert.NoDirExists(t, VaultSecretFileDirectory)
+	})
+}
+
 func stepParam(name string, refType string, refPaths ...string) StepParameters {
 	return StepParameters{
 		Name: name,

pkg/generator/helper/helper.go

@@ -114,6 +114,7 @@ func {{.CobraCmdFuncName}}() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				{{- range $notused, $oRes := .OutputResources }}
 				{{ index $oRes "name" }}.persist({{if $.ExportPrefix}}{{ $.ExportPrefix }}.{{end}}GeneralConfig.EnvRootPath, "{{ index $oRes "name" }}"){{ end }}
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())

pkg/generator/helper/testdata/TestProcessMetaFiles/custom_step_code_generated.golden

@@ -131,6 +131,7 @@ func TestStepCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				commonPipelineEnvironment.persist(piperOsCmd.GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
 				influxTest.persist(piperOsCmd.GeneralConfig.EnvRootPath, "influxTest")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())

pkg/generator/helper/testdata/TestProcessMetaFiles/step_code_generated.golden

@@ -130,6 +130,7 @@ func TestStepCommand() *cobra.Command {
 			telemetryData := telemetry.CustomData{}
 			telemetryData.ErrorCode = "1"
 			handler := func() {
+				config.RemoveVaultSecretFiles()
 				commonPipelineEnvironment.persist(GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
 				influxTest.persist(GeneralConfig.EnvRootPath, "influxTest")
 				telemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds())