There is an option in Jenkins to add a global credential 'Kind' called : "X.509 Client Certificate" and I would like to use this within my build securely, to invoke a RESTful API using cURL.
I add the Client Key, Client Certificate, Server CA Chain to the appropriate boxes, add an ID, a Description and head to my Jenkins pipeline.
Now I consult the documentation here to look for how to use the 'withCredentials' bindings to actually use my key and certificate securely. I don't see any reference to the bindings for using the X.509 Client Certificate? I see 'Certificate' but that's a different option and doesn't expose a private key for example.
Can somebody please help me understand when in the pipeline code, what do I use inside the withCredentials block to specify the appropriate type, and pass variable names for the client cert, client key, and server chain.
withCredentials([WhatHere?(credentialsId: 'myClientCert', variable?: 'key',variable2?: 'cert')]) {
}
Many thanks
CodePudding user response:
The X.509 Client Certificate option which is part of the docker plugin, has recently changed its name as it used to be named Docker Certificate Directory (the behavior itself has not changed), therefore is it is tricky to find it in the withCredentials
Documentation.
The option you are looking for is called dockerCert
(named after the old option) and it includes two parameter inputs variable
and credentialsId
:
dockerCert
variable Name of an environment variable to be set during the build.
Its value will be the absolute path of the directory where the {ca,cert,key}.pem files will be created. You probably want to call this variable DOCKER_CERT_PATH, which will be understood by the docker client binary.
Type: String
credentialsId Credentials of an appropriate type to be set to the variable.
Type: String
Pipeline usage example:
withCredentials([dockerCert(credentialsId: 'myClientCert', variable: 'DOCKER_CERT_PATH')]) {
// code that uses the certificate files
}
CodePudding user response:
On my Jenkins, it's
withCredentials([certificate(aliasVariable: 'ALIAS_VAR',
credentialsId: 'myClientCert',
keystoreVariable: 'KEYSTORE_VAR',
passwordVariable: 'PASSWORD_VAR')]) {
...
}
Hint: If you add /pipeline-syntax/
to your Jenkins URL, it will take you to a snippet generator that will generate some snippets for you based on your input. That's what I used to generate the above snippet.