
How to run git-secret on Jenkins

2025-01-21 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article explains how to run git-secret on Jenkins. Many people are not familiar with the process, so it is shared here for reference.

Typically, we encrypt the secrets or credentials we use in our code and store them in a secure place. There are many options to achieve this, such as Vault and Git-crypt. Git-secret is a simple tool that we can use to store secrets in the Git repository. Git-secret uses gpg to encrypt and decrypt them.

Git-secret works in the following way. Go to the folder in the repository that holds the files you want to encrypt, and run git init && git secret init. This initializes the .gitsecret folder. Then run git secret tell $email. If you want other users to be able to decrypt the secret files, you must import their gpg public keys and then run git secret tell $otheruseremailid for each of them. Now you can run git secret add $secretfilename and git secret hide, which creates an encrypted file named $secretfilename.secret.


Now you can commit to the master branch of the repository. Git-secret automatically adds $secretfilename to .gitignore, so you only need to commit the $secretfilename.secret file.

The main challenge in integrating git-secret into Jenkins is that git-secret uses gpg private and public keys. To run git secret reveal, we need the gpg private key. So how do we run it on Jenkins, where a slave node pulls the repository and builds it? If git secret reveal has to run on the slave node, the gpg private key must be available on that node. How do we implement this encryption and decryption in the Jenkins pipeline?

These steps explain how to use git-secret in the Jenkins pipeline.

Run git-secret on Jenkins

1. Export the gpg private key.

gpg -a --export-secret-keys $keyid > gpg-secret.key
gpg --export-ownertrust > gpg-ownertrust.txt

You will get the key ID by running gpg --list-secret-keys. The E7CD2140FEC5B45F42860B2CC19824F8BC975ABCD here is the key ID.

sec   rsa4096 2019-09-17 [SC]
      E7CD2140FEC5B45F42860B2CC19824F8BC975ABCD
uid   [ultimate] Test (test gpg key)

2. Add the exported gpg key and owner trust to the Jenkins credentials as secret files. The following figure shows adding the private key as a Jenkins credential. Add the owner trust file in the same way.

3. Add the passphrase of the gpg private key as secret text. The following figure illustrates this.

4. Use the added gpg private key, owner trust file, and passphrase in the Jenkins pipeline. "gpg-secret", "gpg-trust", and "gpg-passphrase" here are the IDs given when adding the Jenkins credentials.

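pipeline {
    agent {
        node {
            label 'test_slave'
        }
    }
    environment {
        // Secret file credentials resolve to a file path, secret text to its value.
        gpg_secret = credentials("gpg-secret")
        gpg_trust = credentials("gpg-trust")
        gpg_passphrase = credentials("gpg-passphrase")
    }
    stages {
        stage("Import GPG Keys") {
            steps {
                // Single-quoted Groovy string: the shell expands the variables,
                // so the secrets are not interpolated into the script by Groovy.
                sh '''
                    gpg --batch --import "$gpg_secret"
                    gpg --import-ownertrust "$gpg_trust"
                '''
            }
        }
        stage("Reveal Git Secrets") {
            steps {
                // yoursecretfolder is a placeholder for the folder that holds the .secret files.
                sh '''
                    cd "$WORKSPACE/$yoursecretfolder"
                    git init
                    git-secret reveal -p "$gpg_passphrase"
                '''
            }
        }
    }
}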
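The pipeline above imports the private key into the default keyring of the build user on the slave node, where it stays after the build finishes. As an added example (not part of the original article), the shell function below performs the same import and reveal against a temporary GNUPGHOME and deletes it afterwards; the function name and its three arguments are assumptions, and gpg_passphrase is the variable set in the environment block.

```shell
#!/bin/sh
# Added example, not from the original article. The function name and its
# arguments are assumptions; gpg_passphrase comes from the environment block.
# The body runs in a subshell, so GNUPGHOME and cd do not leak to the caller.
reveal_with_ephemeral_keyring() (
    key_file=$1      # path of the "gpg-secret" secret file credential
    trust_file=$2    # path of the "gpg-trust" secret file credential
    secret_dir=$3    # folder that contains the *.secret files

    [ -r "$key_file" ] && [ -r "$trust_file" ] && [ -d "$secret_dir" ] || {
        echo "usage: reveal_with_ephemeral_keyring KEY TRUST DIR" >&2
        exit 2
    }

    # Throwaway keyring directory, accessible only to the build user.
    home=$(mktemp -d) || exit 1
    chmod 700 "$home"
    GNUPGHOME=$home
    export GNUPGHOME

    rc=0
    {
        gpg --batch --import "$key_file" &&
        gpg --batch --import-ownertrust "$trust_file" &&
        cd "$secret_dir" &&
        git secret reveal -p "$gpg_passphrase"
    } || rc=$?

    # Always clean up, on success or failure: stop the agent gpg started
    # for this keyring, then delete the imported key material.
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$home"
    exit "$rc"
)
```

In the pipeline, a single sh step can source this file and call reveal_with_ephemeral_keyring "$gpg_secret" "$gpg_trust" "$WORKSPACE/$yoursecretfolder" in place of the two stages.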
