
vaultRotateSecretId

Rotate Vault AppRole Secret ID

Description

This step takes the given Vault secret ID and checks whether it needs to be renewed. If so, it updates the secret ID in the configured secret store.

Usage

We recommend defining the values of step parameters in the config.yml file. Calling the step is then reduced to one simple line.
Calling the step can be done either via the Jenkins library step or on the command line.

Jenkins Pipeline

library('piper-lib-os')

vaultRotateSecretId script: this

Command Line

piper vaultRotateSecretId

Prerequisites

Parameters

Overview

Name Mandatory Additional information
script yes [Jenkins only] reference to Jenkins main pipeline script
vaultAppRoleSecretTokenCredentialsId yes
vaultServerUrl yes
daysBeforeExpiry no
jenkinsCredentialDomain no
jenkinsToken no [Vault] [Secret] pass via ENV, Vault or Jenkins credentials
jenkinsUrl no [Vault] [Secret] pass via ENV, Vault or Jenkins credentials
jenkinsUsername no [Vault] [Secret] pass via ENV, Vault or Jenkins credentials
secretStore no
vaultNamespace no
verbose no activates debug output

Details

daysBeforeExpiry

The number of days before expiry at which the secret ID gets rotated


Scope Details
Aliases -
Type int
Mandatory no
Default 15
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

jenkinsCredentialDomain

The Jenkins credential domain which should be used


Scope Details
Aliases -
Type string
Mandatory no
Default _
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

jenkinsToken

The Jenkins token


Scope Details
Aliases token
Type string
Mandatory no
Default $PIPER_jenkinsToken (if set)
Secret yes
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references
Vault paths:
  • $(vaultPath)/jenkins

jenkinsUrl

The Jenkins URL


Scope Details
Aliases url
Type string
Mandatory no
Default $PIPER_jenkinsUrl (if set)
Secret yes
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references
Vault paths:
  • $(vaultPath)/jenkins

jenkinsUsername

The Jenkins username


Scope Details
Aliases userId
Type string
Mandatory no
Default $PIPER_jenkinsUsername (if set)
Secret yes
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references
Vault paths:
  • $(vaultPath)/jenkins

script

Jenkins-specific: Used for proper environment setup.

The common script environment of the Jenkinsfile running. Typically the reference to the script calling the pipeline step is provided with the this parameter, as in script: this. This allows the function to access the commonPipelineEnvironment for retrieving, e.g. configuration parameters.


Scope Details
Aliases -
Type Jenkins Script
Mandatory yes
Default
Secret no
Configuration scope
  • ☐ parameter
  • ☐ general
  • ☐ steps
  • ☐ stages
Resource references none

secretStore

The store to which the secret should be written back


Scope Details
Aliases -
Type string
Mandatory no
Default jenkins
Possible values - jenkins
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

vaultAppRoleSecretTokenCredentialsId

The Jenkins credential ID for the Vault AppRole Secret ID credential


Scope Details
Aliases -
Type string
Mandatory yes
Default $PIPER_vaultAppRoleSecretTokenCredentialsId (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

vaultNamespace

The Vault namespace that should be used (optional)


Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_vaultNamespace (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

vaultServerUrl

The URL for the Vault server to use


Scope Details
Aliases -
Type string
Mandatory yes
Default $PIPER_vaultServerUrl (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

verbose

verbose output


Scope Details
Aliases -
Type bool
Mandatory no
Default false
Possible values - true
- false
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

Exceptions

none

Examples
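
The Usage section recommends defining step parameters in config.yml. The following is an added example, not taken from the project's documentation, that places each parameter in a configuration scope the tables above allow. The URL, namespace and credential ID are placeholders.

```yaml
# config.yml (added example; every value below is a placeholder or a documented default)
general:
  # These three parameters list "general" as an allowed configuration scope,
  # so they can be shared with other steps that talk to the same Vault server.
  vaultServerUrl: 'https://vault.example.com'              # placeholder URL
  vaultNamespace: 'example-namespace'                      # placeholder, optional
  # ID of the Jenkins credential holding the AppRole secret ID. This is a
  # reference to the credential, not the secret ID itself.
  vaultAppRoleSecretTokenCredentialsId: 'example-vault-approle-secret-id'  # placeholder

steps:
  vaultRotateSecretId:
    # Not allowed in "general", so these are set at step scope.
    daysBeforeExpiry: 15           # documented default
    secretStore: jenkins           # the only documented possible value
    jenkinsCredentialDomain: '_'   # documented default
    verbose: false                 # debug output stays off outside troubleshooting

    # jenkinsUrl, jenkinsUsername and jenkinsToken are marked "Secret: yes".
    # They are intentionally left out of this file so they never land in
    # source control. Per the parameter tables they are taken from
    # $PIPER_jenkinsUrl, $PIPER_jenkinsUsername and $PIPER_jenkinsToken
    # (if set) or from the Vault path $(vaultPath)/jenkins.
```

With this file in place, the step call stays the one-liner shown under Usage.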