Hi, Today we use the credential binding plugin of Jenkins but as we are going to remove Jenkins in a relatively near future we then need to find an alternative solution.
Matthieu shared the idea to let a SF user define himself credentials via the managesf REST api but continue to use the CB to store them as we don't have any alternative yet. But I though we can explore another way to store and pass secrets to jobs. In Zuul we have the zuul_function.py script that is run prior to calling Jenkins for job triggering. Why not using it to call let's say managesf or something else to request the secret that relies (defined by the SF users) to a specific job name. Then zuul_function will expose the secret in an environment variable on the Job. This can even leverage the use of barbican if we really want, but if we don't I sure we can find a safe solution to store creds on SF. I see that as a transition solution to Zuul v3, to early remove our strong deps to Jenkins. WDYT ? Cheers, Fabien _______________________________________________ Softwarefactory-dev mailing list [email protected] https://www.redhat.com/mailman/listinfo/softwarefactory-dev
