java.lang.Object

hudson.model.AbstractDescribableImpl<org.jenkinsci.plugins.workflow.steps.Step>

org.jenkinsci.plugins.workflow.steps.Step

com.datapipe.jenkins.vault.VaultCredentialsStep

All Implemented Interfaces:: ExtensionPoint, Describable<org.jenkinsci.plugins.workflow.steps.Step>

public class VaultCredentialsStep extends org.jenkinsci.plugins.workflow.steps.Step

Pipeline step that fetches a single value from a Vault KV secret and returns it as a String. Designed for use inside Declarative Pipeline environment {} blocks.

The path parameter combines the KV path and field name: the last segment after the final / is used as the field key, and everything before it is the secret path.

 environment {
     DB_HOST = vaultCredentials(path: 'secret/myapp/db/host', credentialsId: 'vault-approle')
     DB_PASS = vaultCredentials(path: 'secret/myapp/db/password', credentialsId: 'vault-approle',
                   vaultUrl: 'https://vault:8200', vaultNamespace: 'prod')
 }

When maskSecret is true (the default), the resolved value is registered with VaultMaskedValuesFilter so it is automatically redacted from subsequent console output.

Nested Class Summary

Nested Classes

Modifier and Type

Class

Description

static final class

VaultCredentialsStep.DescriptorImpl

Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
Constructor Summary

Constructors

Constructor

Description

VaultCredentialsStep(String path, String credentialsId)
Method Summary

Modifier and Type

Method

Description

protected String

fetchValue(String path, String key, Run<?,?> run, TaskListener listener)

String

getCredentialsId()

String

getPath()

String

getVaultNamespace()

String

getVaultUrl()

boolean

isMaskSecret()

void

setMaskSecret(boolean maskSecret)

void

setVaultNamespace(String vaultNamespace)

void

setVaultUrl(String vaultUrl)

org.jenkinsci.plugins.workflow.steps.StepExecution

start(org.jenkinsci.plugins.workflow.steps.StepContext context)

Methods inherited from class org.jenkinsci.plugins.workflow.steps.Step
getDescriptor

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- VaultCredentialsStep
  
  @DataBoundConstructor public VaultCredentialsStep(@NonNull String path, @NonNull String credentialsId)
Method Details
- setVaultUrl
  
  @DataBoundSetter public void setVaultUrl(@CheckForNull String vaultUrl)
- setVaultNamespace
  
  @DataBoundSetter public void setVaultNamespace(@CheckForNull String vaultNamespace)
- setMaskSecret
  
  @DataBoundSetter public void setMaskSecret(boolean maskSecret)
- getPath
  
  public String getPath()
- getCredentialsId
  
  public String getCredentialsId()
- getVaultUrl
  
  @CheckForNull public String getVaultUrl()
- getVaultNamespace
  
  @CheckForNull public String getVaultNamespace()
- isMaskSecret
  
  public boolean isMaskSecret()
- start
  
  public org.jenkinsci.plugins.workflow.steps.StepExecution start(org.jenkinsci.plugins.workflow.steps.StepContext context) throws Exception
  
  Specified by:
  
  start in class org.jenkinsci.plugins.workflow.steps.Step
  
  Throws:
  
  Exception
- fetchValue
  
  protected String fetchValue(String path, String key, Run<?,?> run, TaskListener listener)

Class VaultCredentialsStep

Nested Class Summary

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

Constructor Summary

Method Summary

Methods inherited from class org.jenkinsci.plugins.workflow.steps.Step

Methods inherited from class java.lang.Object

Constructor Details

VaultCredentialsStep

Method Details

setVaultUrl

setVaultNamespace

setMaskSecret

getPath

getCredentialsId

getVaultUrl

getVaultNamespace

isMaskSecret

start

fetchValue