@@ -15,7 +15,7 @@ The plugin acts as an Azure Active Directory Application and must be configured
1515
1616In the Jenkins ** Configure System** page, configure the following two options in the ** Azure Key Vault Plugin** section
1717* ** Key Vault URL** - The url where your Key Vault resides (e.g. ` https://myvault.vault.azure.net/ ` )
18- * ** Credential ID** - The ID associated with a secret in the Jenkins secret store. Supported types are:
18+ * ** Credential ID** - The ID associated with a secret in the Jenkins secret store. Supported types are:
1919 - ** Azure Service Principal**
2020 - ** Azure Managed Identity** (both user and system assigned)
2121
@@ -144,7 +144,7 @@ node {
144144With overrides:
145145``` groovy
146146static LinkedHashMap<String, Object> secret(String secretName, String envVar) {
147- [
147+ [
148148 secretType: 'Secret',
149149 name: secretName,
150150 version: '342432lkjhdasjld',
@@ -158,7 +158,7 @@ node {
158158 ]
159159
160160 withAzureKeyvault(
161- azureKeyVaultSecrets: secrets,
161+ azureKeyVaultSecrets: secrets,
162162 keyVaultURLOverride: 'https://mykeyvault.vault.azure.net',
163163 credentialIDOverride: 'service-principal'
164164 ) {
@@ -199,8 +199,8 @@ pipeline {
199199 stage('Build') {
200200 options {
201201 azureKeyVault(
202- credentialID: 'my-sp',
203- keyVaultURL: 'https://my.vault.azure.net',
202+ credentialID: 'my-sp',
203+ keyVaultURL: 'https://my.vault.azure.net',
204204 secrets: [
205205 [envVariable: 'MY_SECRET', name: 'my-secret', secretType: 'Secret']
206206 ]
@@ -254,9 +254,13 @@ To use a different type add a tag called `type` with one of the below values:
254254- ` string ` - Secret text
255255- ` username ` - Username with password
256256 - add a tag ` username ` for the username of the credential
257+ - ` secretFile ` - a file with secret content
258+ - (optional) add a tag ` fileName ` for the secret file name, when it is fetched. Default is ` ${secretNameIntheVault}.txt ` .
257259- ` sshUserPrivateKey ` - SSH Private key
258260 - add a tag ` username ` for the username of the credential
259- - (optional) add a tag ` username-is-secret ` and set it to true to hide the username in the build logs
261+ - (optional) add a tag ` username-is-secret ` and set it to true to hide the username in the build logs
262+
263+ #### Secret String
260264
261265Declarative Pipeline:
262266
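Review bot: The new `secretFile` entry on line 258 gives the `fileName` default as `${secretNameIntheVault}.txt`, which is not a variable defined anywhere in the visible text and could be read as literal syntax. State it in words, for example "defaults to the secret's name in the vault with a `.txt` suffix". The added heading `#### Secret String` on line 263 also does not match the list above, which calls that type `string` - Secret text; use one name for it so readers can map the heading to the tag value.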
@@ -295,7 +299,7 @@ az keyvault secret set --vault-name my-vault \
295299 --tags username=github-user type=username
296300```
297301
298- Scripted Pipeline:
302+ Scripted Pipeline:
299303``` groovy
300304job('my example') {
301305 scm {
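Review bot: Line 302 only changes whitespace, but the label it touches says "Scripted Pipeline:" while the block that follows opens with `job('my example') {` and `scm {`, which looks like Job DSL rather than a scripted pipeline. Since the line is being edited anyway, consider correcting the label so the example is not pasted into a Jenkinsfile.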
@@ -309,6 +313,26 @@ job('my example') {
309313}
310314```
311315
316+ #### Secret file
317+
318+ ``` bash
319+ az keyvault secret set --vault-name my-vault \
320+ --name a-secret-file-vault-secret \
321+ --value " -----BEGIN test secretFile-----\nline 1\nline2\nbla\nblob" \
322+ --tags type=secretFile fileName=mySecretFile.txt
323+ ```
324+
325+ Scripted Pipeline:
326+ ``` groovy
327+ node {
328+ withCredentials([
329+ file(credentialsId: "test-secretFile-credentialsId", variable: "VARIABLE_CONTAINING_PATH_TO_SECRET_FILE")]) {
330+ sh("doSomething --use-this-secret-file \$VARIABLE_CONTAINING_PATH_TO_SECRET_FILE")
331+ }
332+ }
333+ ```
334+
335+
312336#### SSH Username with private key
313337
314338``` bash
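Review bot: In the `az keyvault secret set` example on line 321, the `--value` string is double-quoted and uses `\n`, which bash passes through as a literal backslash and `n`, so the stored secret would be a single line rather than the multi-line file the example suggests. Either load the content from a real file with `--file` or use `$'...'` quoting, and say which form the plugin expects. The pipeline snippet on line 329 then uses `credentialsId: "test-secretFile-credentialsId"`, while the secret was created with `--name a-secret-file-vault-secret`; use the same ID in both places or explain how the credential ID is derived from the secret name. Lines 334 and 335 also add two blank lines before the next heading where the other sections use one.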
@@ -381,7 +405,7 @@ If the passphrase can not be found in the vault, the secret will not load and a
381405
382406You can filter which secrets are visible to the credentials provider.
383407By default, the plugin will load all secrets stored within the Key Vault.
384- However, your Key Vault may be the Secret Source for multiple applications, or contains secrets not needed directly by Jenkins.
408+ However, your Key Vault may be the Secret Source for multiple applications, or contains secrets not needed directly by Jenkins.
385409To filter out secrets from being set, add a System Property or Environment Variable:
386410
387411** Via System Property** :