Provide an example of how to use the HashiCorp Vault Plugin with a Jenkins Declarative Pipeline.

          [JENKINS-45685] Declarative Pipeline Example

          Peter Tierno added a comment -

          My initial testing failed when using this in a declarative pipeline. Will see what needs done to get it working and document.


          Sean Middleton added a comment -

          Hi, was there any update on this issue in the end? Looking to use the Vault plugin with a declarative pipeline but some information I've read suggests declarative pipelines aren't currently supported with the Vault plugin?

          Arturas R added a comment -

          Hope it helps

          pipeline {
            agent none
            stages {
              stage('Vault') {
                  agent {
                    node {
                      label 'linux'
                    }
                  }
          
                  steps {
                    script {
                      node {
                        // define the secrets and the env variables
                        def secrets = [
                          [$class: 'VaultSecret', path: 'secret/testing', secretValues: [
                            [$class: 'VaultSecretValue', envVar: 'testing', vaultKey: 'value_one'],
                            [$class: 'VaultSecretValue', envVar: 'testing_again', vaultKey: 'value_two']]],
                          [$class: 'VaultSecret', path: 'secret/another_test', secretValues: [
                            [$class: 'VaultSecretValue', envVar: 'another_test', vaultKey: 'value']]]
                        ]
          
                        // optional configuration, if you do not provide this the next higher configuration
                        // (e.g. folder or global) will be used
                        def configuration = [$class: 'VaultConfiguration',
                                            vaultUrl: 'http://my-very-other-vault-url.com',
                                            vaultCredentialId: 'my-vault-cred-id']
          
                        // inside this block your credentials will be available as env variables
                        wrap([$class: 'VaultBuildWrapper', configuration: configuration, vaultSecrets: secrets]) {
                          sh 'echo $testing'
                          sh 'echo $testing_again'
                          sh 'echo $another_test'
                        }
                      }
                    }
                  }
                }
              }
            }
          }
          


          vassil marjunits added a comment - edited

          With version 2.3.0 and higher (3.0.0 was the latest when this comment was made):

          // define vault configuration
          def configuration = [engineVersion: 1, 
                               skipSslVerification: true, 
                               timeout: 60, 
                               vaultUrl: "http://my-vault.com:8200", 
                               vaultCredentialId: "my-vault-cred-id"]
          // define vault secret path and env var
          def secret = [
                [path: 'dev/kv1', secretValues: [
                  [envVar: 'PASSWORD', vaultKey: 'password'],
                  [envVar: 'USER', vaultKey: 'user']]]
          ]
          pipeline {
              agent any
              options {
                  buildDiscarder(logRotator(numToKeepStr: '20'))
                  disableConcurrentBuilds()
              }
              stages{   
                  stage('Vault') {
                      steps {
                          script {
                              withVault([configuration: configuration, vaultSecrets: secret]) {
                                   sh 'echo $PASSWORD'
                                   sh 'echo $USER'
                              }
                          }
                      }  
                  }
              }
              post {
                  always {
                      cleanWs()
                  }
              }
          }
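
A hardened variant of the `withVault` example above, added here as an illustration; it is not part of the original comment or the plugin's own documentation. It uses only the configuration keys shown in the comment. The Vault and registry hostnames and the `REGISTRY_*` env var names are placeholders, and the `docker login` call stands in for whatever command consumes the secret.

```groovy
// Added example: hardened variant of the withVault configuration above.
// Hostnames and env var names are placeholders, not values from the issue.
def configuration = [engineVersion: 1,
                     skipSslVerification: false,   // verify Vault's TLS certificate
                     timeout: 60,
                     vaultUrl: 'https://vault.example.internal:8200',   // TLS, not plain http
                     vaultCredentialId: 'my-vault-cred-id']

// Distinct names avoid overwriting the shell's own $USER on the agent.
def secret = [
    [path: 'dev/kv1', secretValues: [
        [envVar: 'REGISTRY_PASSWORD', vaultKey: 'password'],
        [envVar: 'REGISTRY_USER', vaultKey: 'user']]]
]

pipeline {
    agent any
    options {
        buildDiscarder(logRotator(numToKeepStr: '20'))
        disableConcurrentBuilds()
    }
    stages {
        stage('Vault') {
            steps {
                script {
                    withVault([configuration: configuration, vaultSecrets: secret]) {
                        // Single-quoted Groovy string: the shell expands the variables,
                        // so the secret is never interpolated into the script text.
                        // The password is passed on stdin, not on the command line.
                        sh '''
                            set +x
                            printf '%s' "$REGISTRY_PASSWORD" |
                              docker login --username "$REGISTRY_USER" --password-stdin registry.example.internal
                        '''
                    }
                }
            }
        }
    }
    post {
        always {
            cleanWs()
        }
    }
}
```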
          
          
          

           


            ptierno Peter Tierno
            tsutsarin_fuib Nikolay Tsutsarin