I’m trying to create a Jenkins pipeline (.jenkinsfile) to perform some actions in AWS, but cannot give everyone in my company access to the pipeline. My thought was to have the user paste in their AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY values (these values are refreshed every 24 hours) into Jenkins pipeline parameters and then use them as some type of credentials in the .jenkinsfile. If the user pastes in wrong values/does not have the correct permissions to run the code, the job will fail. So far I have been unable to find a way to do this as all the examples I’ve seen have been using existing credentials stored on the Jenkins server, and not generating them for each run.
I’ve tried the following bits of code with no luck:
    environment {
        TMP_AWS_CREDS =
            credentialsBinding {
                amazonWebServicesCredentialsBinding {
                    accessKeyVariable(${AWS_ACCESS_KEY_ID})
                    secretKeyVariable(${AWS_SECRET_ACCESS_KEY})
                    credentialsId('temp-aws-creds')
                }
            }
    }
    steps {
        withAWS(credentials: "${TMP_AWS_CREDS}, region: 'ap-southeast-4') {
            // some block
        }
    }
and
    steps {
        withAWS(credentials: wrappers {
            credentialsBinding {
                amazonWebServicesCredentialsBinding {
                    accessKeyVariable(${AWS_ACCESS_KEY_ID})
                    secretKeyVariable(${AWS_SECRET_ACCESS_KEY})
                    credentialsId('temp-aws-creds')
                }
            }
        }, region: 'ap-southeast-4') {
            // some block
        }
    }
and
    steps {
        withAWS(credentials: '[certificate(credentialsId: 'temp-aws-creds',
                keystoreVariable: AWS_ACCESS_KEY_ID,
                passwordVariable: AWS_SECRET_ACCESS_KEY)]', region: 'ap-southeast-4') {
            // some block
        }
    }
2 Answers
You use them like any other pipeline parameters:
Don’t worry about passing them into your environment – Jenkins creates environment variables for all the pipeline parameters. But make sure they are not printed anywhere, because Jenkins doesn’t mask passwords from the parameters in the log.
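A sketch of the approach this answer describes, added here as an illustration and not taken from either answer: the parameters carry the same names the AWS CLI reads from the environment, so no credentials binding is needed. It assumes the AWS CLI is installed on the agent; the stage names and the `password` parameter type are choices made for this example.

```groovy
// Added example: per-run AWS keys supplied as build parameters.
pipeline {
    agent any
    parameters {
        // Named exactly as the environment variables the AWS CLI and SDKs look for.
        // The password type hides the values in the build's parameter form; it does
        // not stop a step from printing them.
        password(name: 'AWS_ACCESS_KEY_ID', defaultValue: '',
                 description: "The caller's own access key ID")
        password(name: 'AWS_SECRET_ACCESS_KEY', defaultValue: '',
                 description: "The caller's own secret access key")
    }
    environment {
        // Region taken from the question.
        AWS_DEFAULT_REGION = 'ap-southeast-4'
    }
    stages {
        stage('Check credentials') {
            steps {
                // Single-quoted Groovy string: the keys are never interpolated into
                // the script text, the shell reads them from its environment.
                // set +x turns off command tracing for the rest of the script.
                sh '''
                    set +x
                    # Exits non-zero on wrong or expired keys, which fails the build
                    # before anything else runs. Prints only the caller's ARN.
                    aws sts get-caller-identity --query Arn --output text
                '''
            }
        }
        stage('AWS actions') {
            steps {
                sh '''
                    set +x
                    # some block: AWS CLI calls run with the caller's own permissions
                '''
            }
        }
    }
}
```

Avoid `echo`, `printenv` or `env` in any step of this job, since the parameter values would then appear in the console log unmasked.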
Use this pipeline
    pipeline {
        agent any