With CryptoMove for Jenkins, you can store the environment variables used by your Jenkins project in the secure CryptoMove key vault. When you build your project, the values of the environment variables are pulled from CryptoMove so they can be used by the code being built or the command being executed.
The CryptoMove Plugin extends Jenkins to allow your project to obtain the values of environment variables from the CryptoMove key vault. To install the CryptoMove Plugin, go to Jenkins > Manage Jenkins > Manage Plugins, and select the Available tab. Using the Filter box, search for "CryptoMove", and then install the CryptoMove Plugin using the Download Now and Install After Restart option.
Once you have added the CryptoMove Plugin to Jenkins, you can add a special build step that looks in the CryptoMove key vault for environment variable values when the step is executed. First, create a new Freestyle Project that needs to access environment variables when being built. Then, go to the Build section of your project's configuration page and select Add Build Step > Run a Command with CryptoMove Key Vault.
The Command field of the new build step accepts a shell command.
The environment variable that accesses a value in the CryptoMove key vault can be in the command itself or in the code being executed by the build step. For example, the following command in the build step would publish to AWS, pulling the values of the secrets CODE_COMMIT_USER and CODE_COMMIT_PASSWORD from the CryptoMove key vault:
git push https://$CODE_COMMIT_USER:$CODE_COMMIT_PASSWORD@git-codecommit.us-east-1.amazonaws.com/v1/repos/design master
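A hardened variant of the push command above, as an added example that is not part of the CryptoMove documentation or plugin: it fails early when a secret did not arrive from the vault and hands the credentials to git through a credential helper, so the password stays out of git's argument list and needs no percent-encoding for characters such as / or @. The function names, REPO_URL and GIT_HELPER are this example's own, and it assumes the build step runs the command in a POSIX shell with the secrets exported as environment variables.

```shell
#!/bin/sh
# Added example: hardened variant of the build step command.
# Assumes the build step exports CODE_COMMIT_USER and CODE_COMMIT_PASSWORD.

# Same repository as the push command, without credentials in the URL.
REPO_URL='https://git-codecommit.us-east-1.amazonaws.com/v1/repos/design'

# Credential helper that git runs in its own shell. The single quotes keep the
# variable names literal here, so git's argv holds the text
# "$CODE_COMMIT_PASSWORD" and only the helper reads the value from the environment.
GIT_HELPER='!f() { if [ "$1" = get ]; then printf "username=%s\npassword=%s\n" "$CODE_COMMIT_USER" "$CODE_COMMIT_PASSWORD"; fi; }; f'

# require_secrets NAME...: return non-zero if any variable is unset or empty.
# Reports names only, never values.
require_secrets() {
    missing=0
    for name in "$@"; do
        if [ -z "$(printenv "$name")" ]; then
            echo "secret not available as environment variable: $name" >&2
            missing=1
        fi
    done
    return "$missing"
}

# push_design_repo: the function to call from the build step command.
push_design_repo() {
    require_secrets CODE_COMMIT_USER CODE_COMMIT_PASSWORD || return 1
    # The empty credential.helper clears helpers configured on the build agent.
    git -c credential.helper= -c credential.helper="$GIT_HELPER" \
        push "$REPO_URL" master
}
```

Source this script in the Command field and call push_design_repo; a missing or misnamed secret then stops the build with the variable's name instead of a failed authentication.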
You can also run commands where the code being executed by the Jenkins build step uses environment variables. For example, suppose test code written in Node.js reads the environment variable process.env.API_URL. In this case, create a secret in CryptoMove named API_URL and add the following to the build step command:
npm run test
When adding a CryptoMove build step, you must specify a CryptoMove access token along with the command. To obtain the access token, use a REST client to call the generate_access_token endpoint. Though access tokens can also be acquired from the CryptoMove app, those access tokens expire after 24 hours, so you would have to continuously update the Jenkins build step with a new access token. For more information about obtaining an access token with an extended expiration date, see Using the generate_access_token Endpoint.
Once you have acquired the access token, copy and paste it into the CryptoMove Token field of the build step.
Now that you've created your CryptoMove build step, you need to store the values of the environment variables in the CryptoMove key vault. Log into CryptoMove and create a secret that has the same name as the environment variable found in the build step command or source code. For example, if the command in the build step contains the environment variable $CODE_COMMIT_PASSWORD, then define the secret name as CODE_COMMIT_PASSWORD and the value of the new secret as the private password. When your Jenkins project builds, the value of the CryptoMove secret replaces the environment variable.
For a demonstration of how to make secrets in CryptoMove available as environment variables when running commands in your Jenkins project, view the following video.