* add new step vault secret * add debug log Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
---
# Step metadata for vaultRotateSecretId.
# Per the step's own description: it takes the given Vault AppRole secret ID,
# checks whether it needs to be renewed and, if so, updates the secret ID in
# the configured secret store.
metadata:
  name: vaultRotateSecretId
  description: Rotate vault AppRole Secret ID
  longDescription: >-
    This step takes the given Vault secret ID and checks whether it needs to be
    renewed and if so it will update the secret ID in the configured secret store.
spec:
  inputs:
    params:
      # Target store for the rotated secret ID. `jenkins` is the only value
      # listed under possibleValues, and it is also the default.
      - name: secretStore
        type: string
        description: The store to which the secret should be written back to
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: 'jenkins'
        possibleValues:
          - jenkins

      # Jenkins connection settings. jenkinsUrl, jenkinsUsername and
      # jenkinsToken are each flagged `secret: true` and carry a vaultSecret
      # resourceRef with the same three candidate paths.
      # NOTE(review): the paths are presumably tried in the order listed, with
      # the shared GROUP-SECRETS path last - confirm against the resolver.
      # Anything stored under GROUP-SECRETS is likely readable by every
      # pipeline below vaultBasePath, so prefer the pipeline-specific path.
      - name: jenkinsUrl
        type: string
        description: The jenkins url
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          - type: vaultSecret
            paths:
              - '$(vaultPath)/jenkins'
              - '$(vaultBasePath)/$(vaultPipelineName)/jenkins'
              - '$(vaultBasePath)/GROUP-SECRETS/jenkins'
        aliases:
          - name: url

      # NOTE(review): the `_` default presumably selects the Jenkins global
      # credential domain - confirm against the step implementation.
      - name: jenkinsCredentialDomain
        type: string
        description: The jenkins credential domain which should be used
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: '_'

      - name: jenkinsUsername
        type: string
        description: The jenkins username
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        aliases:
          - name: userId
        resourceRef:
          - type: vaultSecret
            paths:
              - '$(vaultPath)/jenkins'
              - '$(vaultBasePath)/$(vaultPipelineName)/jenkins'
              - '$(vaultBasePath)/GROUP-SECRETS/jenkins'

      # NOTE(review): the account behind this token presumably needs the right
      # to update the credential named by vaultAppRoleSecretTokenCredentialsId.
      # Grant it no more than that - verify the required permission set.
      - name: jenkinsToken
        type: string
        description: The jenkins token
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        aliases:
          - name: token
        resourceRef:
          - type: vaultSecret
            paths:
              - '$(vaultPath)/jenkins'
              - '$(vaultBasePath)/$(vaultPipelineName)/jenkins'
              - '$(vaultBasePath)/GROUP-SECRETS/jenkins'

      # Vault connection settings. This parameter holds the ID of a Jenkins
      # credential (a reference), not the AppRole secret ID value itself.
      - name: vaultAppRoleSecretTokenCredentialsId
        type: string
        description: The Jenkins credential ID for the Vault AppRole Secret ID credential
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: true

      # NOTE(review): nothing in this metadata constrains the URL scheme.
      # Confirm that the step or its configuration enforces https://.
      - name: vaultServerUrl
        type: string
        description: The URL for the Vault server to use
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: true

      # Optional per its description; no default is declared.
      - name: vaultNamespace
        type: string
        description: The vault namespace that should be used (optional)
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS

      # Rotation window in days (default 15).
      # NOTE(review): the job running this step presumably has to run at least
      # once inside this window, otherwise the secret ID can expire unrotated.
      # Confirm the schedule against the secret ID TTL.
      - name: daysBeforeExpiry
        type: int
        description: The amount of days before expiry until the secret ID gets rotated
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: 15