Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

improving "Handling Credentials" documentation #597

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

improving "Handling Credentials" documentation #597

wants to merge 1 commit into from

Conversation

marc-guenther
Copy link
Member

I tried to add some info the the "Handling Credentials" page, as some things were quite unclear for me when I first read it (knowing nothing at all about the topic then)

  • It wasn't clear to me if we can use the Credentials Plugin solution everywhere, or only when the plugin supports the Credentials Plugin directly. It seems the latter, so I added that explicitely.
  • It seems we have two problems to solve, clear text passwords in the dsl scripts themselves, and clear text passwords in the job configs? First is absolute worst case, second is still bad, but not as bad, and not avoidable if Credentials Plugin is not supported?
  • I got completely confused by the mention of "Credentials Binding Plugin" in the "Credentials Plugin" section talking about build variables, but then there is another section "Build Variables", which mentions "EnvInject Plugin"
  • And I think an option is missing, instead of using "EnvInject Plugin" in the seed job (option 2), we could also use it in the generated job itself. That would be similar to first option, in that no credentials are ever exposed to the dsl script.

@marc-guenther marc-guenther force-pushed the handling-credentials branch 2 times, most recently from 4e525fd to ace3732 Compare August 31, 2015 15:25
@marc-guenther
improving "Handling Credentials" documentation
ace3732 
I tried to add some info the the "Handling Credentials" page, as some things were quite unclear for me when I first read it (knowing nothing at all about the topic then)
- It wasn't clear to me if we can use the Credentials Plugin solution everywhere, or only when the plugin supports the Credentials Plugin directly. It seems the latter, so I added that explicitely.
- It seems we have two problems to solve, clear text passwords in the dsl scripts themselves, and clear text passwords in the job configs? First is absolute worst case, second is still bad, but not as bad, and not avoidable if Credentials Plugin is not supported?
- I got completely confused by the mention of "Credentials Binding Plugin" in the "Credentials Plugin" section talking about build variables, but then there is another section "Build Variables", which mentions "EnvInject Plugin"
- And I think an option is missing, instead of using "EnvInject Plugin" in the seed job (option 2), we could also use it in the generated job itself. That would be similar to first option, in that no credentials are ever exposed to the dsl script.
@jenkinsadmin
Copy link
Member

Thank you for a pull request! Please check this document for how the Jenkins project handles pull requests

@jiff-infrastructure
Copy link

Can one of the admins verify this patch?

@CorevistCI
Copy link

Build finished.

@jamietanna jamietanna self-requested a review June 20, 2022 07:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jamietanna jamietanna Awaiting requested review from jamietanna

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@marc-guenther @jenkinsadmin @jiff-infrastructure @CorevistCI