Jenkins / JENKINS-37581

Allow using environment variables for clientID and clientSecret


    • Type: New Feature
    • Resolution: Unresolved
    • Priority: Major
    • Component/s: github-oauth-plugin
    • Labels: None
    • Environment: Dockerized Jenkins 2.7.2+ with github-oauth:0.24

      As the title says, I would like to be able to use environment variables (for example ${GITHUB_OAUTH_CLIENTID}, ${GITHUB_OAUTH_CLIENTSECRET}) for configuring the GitHub OAuth application parameters. This would allow me to keep all secrets away from configuration files and instead keep them in environment variables where they can be managed more securely and effectively.

      For a bit more context, I've built a custom Dockerfile on top of the official Jenkins Docker image which includes useful configuration from a set of template files and, as such, this of course includes the GitHub OAuth plugin's configuration, which happens to live in config.xml's <securityRealm ... /> definition. Security-wise it does not make any sense at all to bake passwords into a Docker image, and as this particular plugin does not support environment variables, I had to add a hack around the /usr/local/bin/jenkins.sh which uses sed to rewrite the config file just before Jenkins is actually started.

      As an additional note, enabling env variables would also bring the plugin closer to how e.g. <workspaceDir ... /> and <buildsDir ... /> are configured. I also suspect there's a plethora of other plugins which would benefit from such unified behaviour, but that would be a whole other effort to "encourage" all plugins to support password injection from environment variables.

            jamesdumay James Dumay
            esuomi Esko Suomi
            Votes: 0
            Watchers: 4
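The pre-start rewrite of config.xml described in the issue, as an added example that is not the reporter's script or part of the plugin. The placeholder names are the ones from the issue text; the template layout and the function names `write_sample_template` and `render_config` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the reporter's script. The placeholder names come from the
# issue text; the template layout below is constructed for illustration.

# Write a constructed config.xml template containing the two placeholders.
write_sample_template() {
    cat > "$1" <<'EOF'
<securityRealm>
  <clientID>${GITHUB_OAUTH_CLIENTID}</clientID>
  <clientSecret>${GITHUB_OAUTH_CLIENTSECRET}</clientSecret>
</securityRealm>
EOF
}

# render_config TEMPLATE OUT: substitute both placeholders from the environment.
render_config() {
    template=$1 out=$2
    # Refuse to start with an empty credential rather than write a broken config.
    if [ -z "${GITHUB_OAUTH_CLIENTID:-}" ] || [ -z "${GITHUB_OAUTH_CLIENTSECRET:-}" ]; then
        echo "render_config: GITHUB_OAUTH_CLIENTID/CLIENTSECRET must be set" >&2
        return 1
    fi
    export GITHUB_OAUTH_CLIENTID GITHUB_OAUTH_CLIENTSECRET
    # mktemp creates the file with mode 0600, next to OUT so mv is atomic.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    # awk reads the values from ENVIRON, so the secret never appears in a
    # command line (as it would with sed -e "s/.../$SECRET/"), and index()
    # matching is literal, so regex or sed metacharacters need no escaping.
    awk '
        function esc(s) {            # escape XML-special characters
            gsub(/&/, "\\&amp;", s); gsub(/</, "\\&lt;", s); gsub(/>/, "\\&gt;", s)
            return s
        }
        function put(line, key,    tok, val, i, res) {
            tok = "${" key "}"; val = esc(ENVIRON[key]); res = ""
            while ((i = index(line, tok)) > 0) {
                res = res substr(line, 1, i - 1) val
                line = substr(line, i + length(tok))
            }
            return res line
        }
        { print put(put($0, "GITHUB_OAUTH_CLIENTID"), "GITHUB_OAUTH_CLIENTSECRET") }
    ' "$template" > "$tmp" && mv "$tmp" "$out" || { rm -f "$tmp"; return 1; }
}

# Stand-alone use: render_config.sh TEMPLATE OUT
if [ "$#" -eq 2 ]; then render_config "$1" "$2"; fi
```

The rendered file still holds the secret in clear text on the container's filesystem, so it belongs on a volume or tmpfs that is not committed back into an image.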