Ability to define Jenkins scope for Key Vault credentials #199

Open
bsloan-icl opened this issue Jul 3, 2023 · 5 comments
Labels
enhancement New feature or request

Comments

@bsloan-icl
Contributor

What feature do you want to see added?

When creating a credential via the Jenkins UI, you have the ability to define the scope (e.g. Global or System). It would be useful if you could define the scope when using credentials from the Azure Key Vault as well. In Azure Key Vault you can add tags to secrets so maybe a tag of credentials-scope:system would be a good idea? In Jenkins the credential would then be limited to the system scope.

I know the Kubernetes Credentials Provider plugin has something similar where you set a label on the Kubernetes secret object as "jenkins.io/credentials-scope": "system". This then means the secret is scoped to system in Jenkins.

It would also be useful if credentials could be scoped to the folder level as well. So if we have 3 folders:

  • TeamA
  • TeamB
  • TeamC

Some credentials would be scoped to only TeamA, some to only TeamB and some to only TeamC.

Currently all secrets from Azure Key Vault are scoped to global which means any team can access them. If you have a Jenkins instance shared across multiple teams this can cause issues.

Upstream changes

No response

@bsloan-icl bsloan-icl added the enhancement New feature or request label Jul 3, 2023
@timja
Member

timja commented Jul 3, 2023

The tag one should be quite easy to implement and contributions are welcome.

I have a proof of concept that worked I think for folders but I've never got around to finishing it:
#97

@bsloan-icl
Contributor Author

Unfortunately I don't have much knowledge of Java programming so can't contribute a lot.

The PR looks good though. I think this would help a lot of teams if they could scope credentials to the folder level rather than just global.

@timja
Member

timja commented Jul 4, 2023

The tags just need retrieving here:

String type = tags.getOrDefault("type", DEFAULT_TYPE);
String jenkinsID = tags.getOrDefault("jenkinsID", getSecretName(id));
String description = tags.getOrDefault("description", "");

and then passing the scope down to the credentials classes and defaulting the scope to global.
If you're up for it that should be pretty straightforward.
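
An added sketch of the tag-to-scope step described in the comment above; it is not the plugin's code and not from any participant in this thread. The tag key "credentials-scope" comes from the suggestion in the issue text, the Scope enum is a stand-in for Jenkins' CredentialsScope, and mapping an unrecognised value to the narrower SYSTEM scope (so a typo in a tag cannot widen access) is this example's own choice.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

public class ScopeFromTags {
    // Stand-in for Jenkins' CredentialsScope; only the two scopes discussed in this thread.
    enum Scope { GLOBAL, SYSTEM }

    // Hypothetical tag key, taken from the "credentials-scope:system" suggestion in the issue.
    static final String SCOPE_TAG = "credentials-scope";

    static Scope resolveScope(Map<String, String> tags) {
        String raw = (tags == null) ? null : tags.get(SCOPE_TAG);
        if (raw == null || raw.isBlank()) {
            // No tag set: default to global, as the thread proposes.
            return Scope.GLOBAL;
        }
        switch (raw.trim().toLowerCase(Locale.ROOT)) {
            case "global":
                return Scope.GLOBAL;
            case "system":
                return Scope.SYSTEM;
            default:
                // Assumption of this example: an unknown value falls back to the
                // narrower scope instead of silently exposing the secret to all jobs.
                System.err.println("Unrecognised " + SCOPE_TAG + " tag value; using SYSTEM");
                return Scope.SYSTEM;
        }
    }

    public static void main(String[] args) {
        // Constructed sample tag sets, as they might be read from Key Vault secrets.
        Map<String, Map<String, String>> samples = new LinkedHashMap<>();
        samples.put("untagged", Map.of("type", "string"));
        samples.put("system-tagged", Map.of(SCOPE_TAG, " System "));
        samples.put("global-tagged", Map.of(SCOPE_TAG, "global"));
        samples.put("typo", Map.of(SCOPE_TAG, "sytem"));

        samples.forEach((name, tags) ->
                System.out.println(name + " -> " + resolveScope(tags)));
        // untagged -> GLOBAL, system-tagged -> SYSTEM,
        // global-tagged -> GLOBAL, typo -> SYSTEM
    }
}
```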

@NoamGoren

Hi guys, any update on this feature?

@timja
Member

timja commented Jun 27, 2024

see #222

You can scope to system but not folders
