From jira at ovirt-jira.atlassian.net Tue Jan 30 11:45:12 2018
Content-Type: multipart/mixed; boundary="===============8944309294851339655=="
MIME-Version: 1.0
From: Daniel Belenky (oVirt JIRA) <jira at ovirt-jira.atlassian.net>
To: infra at ovirt.org
Subject: [JIRA] (OVIRT-1867) Allow embedded secrets inside the source repo for
 CI
Date: Tue, 30 Jan 2018 11:45:10 +0000
Message-ID: <JIRA.33417.1517308592000.eb32e2c5-7f3b-4a94-b4c0-7a62af9cb3b2.1517312707856@Atlassian.JIRA>
In-Reply-To: JIRA.33417.1517308592000@Atlassian.JIRA

--===============8944309294851339655==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

This is a multi-part message in MIME format...

------------=3D_1517312708-12381-241
Content-Type: text/plain; charset=3DUTF-8
Content-Transfer-Encoding: 7bit


     [ https://ovirt-jira.atlassian.net/browse/OVIRT-1867?page=3Dcom.atlass=
ian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Belenky updated OVIRT-1867:
----------------------------------
    Component/s: STDCI DSL
                 Standard CI (Pipelines)

> Allow embedded secrets inside the source repo for CI
> ----------------------------------------------------
>
>                 Key: OVIRT-1867
>                 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1867
>             Project: oVirt - virtualization made easy
>          Issue Type: By-EMAIL
>          Components: Standard CI (Pipelines), STDCI DSL
>            Reporter: Roman Mohr
>            Assignee: infra
>
> In order to improve the self-service capabilities of standard-ci it is
> important for projects, that they can add their own secrets to projects (=
to
> reach external services, e.g. docker hub, ...).
> Travis has a very nice system which helps engineers there:
> https://docs.travis-ci.com/user/encryption-keys/
> Basically the CI system needs to generate a public/private key pair for
> every enabled git repo. The engineer simply fetches the public key via a
> well know URL and encrypts the secrets. Then the encrypted secret can be
> made part of the source repo. Before the tests are run the CI system
> decrypts the secrets. Than can play together pretty well with Jenkinsfiles
> too.
> Benefit:
>  * Less manual intervention from CI team to add secrets to jobs
>  * Strengthen the config-in-code thinking



--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100077)

------------=3D_1517312708-12381-241
Content-Type: text/html; charset=3D"UTF-8"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

<html><body>
<pre>[ https://ovirt-jira.atlassian.net/browse/OVIRT-1867?page=3Dcom.atlass=
ian.jira.plugin.system.issuetabpanels:all-tabpanel ]</pre>
<h3>Daniel Belenky updated OVIRT-1867:</h3>
<pre>    Component/s: STDCI DSL
Standard CI (Pipelines)</pre>
<blockquote><h3>Allow embedded secrets inside the source repo for CI</h3>
<pre>     Key: OVIRT-1867
     URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1867
 Project: oVirt - virtualization made easy
         Issue Type: By-EMAIL
         Components: Standard CI (Pipelines), STDCI DSL
Reporter: Roman Mohr
Assignee: infra</pre>
<p>In order to improve the self-service capabilities of standard-ci it is i=
mportant for projects, that they can add their own secrets to projects (to =
reach external services, e.g. docker hub, &hellip;). Travis has a very nice=
 system which helps engineers there: <a href=3D"https://docs.travis-ci.com/=
user/encryption-keys/">https://docs.travis-ci.com/user/encryption-keys/</a>=
 Basically the CI system needs to generate a public/private key pair for ev=
ery enabled git repo. The engineer simply fetches the public key via a well=
 know URL and encrypts the secrets. Then the encrypted secret can be made p=
art of the source repo. Before the tests are run the CI system decrypts the=
 secrets. Than can play together pretty well with Jenkinsfiles too. Benefit=
:</p>
<pre>* Less manual intervention from CI team to add secrets to jobs
* Strengthen the config-in-code thinking</pre></blockquote>
<p>&mdash; This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#1000=
77)</p>

<img src=3D"https://u4043402.ct.sendgrid.net/wf/open?upn=3Di5TMWGV99amJbNxJ=
pSp2-2BJ33BSM3tuiUfRTk64K-2BOjH6OfHwHF07KbWgKiV6gm3mB1II18BSBtXPREj0WkjfqAg=
XWnshvNmi3g7hf7kv7FqBki2RZzgFbqRnK9goqqJkcAizW7noi7EpyC7Cyq4m5LcFY7gF1dfPA7=
1ctDJv1itP55J4TaIQ0OVOFPKLlEkDqvR5zu-2BOiUvMmzEJIbMQEdd5TIXd0EUIrZzpWk0Acbt=
a5iy-2BWecOD-2FMYCrOtNJelkVNboavHpdhGJyM0W8CQyYfCqyKdYr3lIpNAQH0sO73OavbK3g=
Sgw4Y-2F1QSXhGh6AAeQ0T3GWsZ54-2FVlluTHVXKQRZH1wk449dOZMwgHpDxQZ54ke186nKJRB=
dG-2BcFCgyo4pi3aJ3uQI3sBImFHnFKiOvuokub4uJUNdhQhT0cxkhMvpGTIovKuNcPZ75aMS" =
alt=3D"" width=3D"1" height=3D"1" border=3D"0" style=3D"height:1px !importa=
nt;width:1px !important;border-width:0 !important;margin-top:0 !important;m=
argin-bottom:0 !important;margin-right:0 !important;margin-left:0 !importan=
t;padding-top:0 !important;padding-bottom:0 !important;padding-right:0 !imp=
ortant;padding-left:0 !important;"/>
</body></html>

------------=3D_1517312708-12381-241--

--===============8944309294851339655==
Content-Type: multipart/alternative
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="attachment.bin"

VGhpcyBpcyBhIG11bHRpLXBhcnQgbWVzc2FnZSBpbiBNSU1FIGZvcm1hdC4uLgoKLS0tLS0tLS0t
LS0tPV8xNTE3MzEyNzA4LTEyMzgxLTI0MQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJz
ZXQ9VVRGLTgKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdAoKCiAgICAgWyBodHRwczov
L292aXJ0LWppcmEuYXRsYXNzaWFuLm5ldC9icm93c2UvT1ZJUlQtMTg2Nz9wYWdlPWNvbS5hdGxh
c3NpYW4uamlyYS5wbHVnaW4uc3lzdGVtLmlzc3VldGFicGFuZWxzOmFsbC10YWJwYW5lbCBdCgpE
YW5pZWwgQmVsZW5reSB1cGRhdGVkIE9WSVJULTE4Njc6Ci0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0KICAgIENvbXBvbmVudC9zOiBTVERDSSBEU0wKICAgICAgICAgICAgICAgICBT
dGFuZGFyZCBDSSAoUGlwZWxpbmVzKQoKPiBBbGxvdyBlbWJlZGRlZCBzZWNyZXRzIGluc2lkZSB0
aGUgc291cmNlIHJlcG8gZm9yIENJCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQo+Cj4gICAgICAgICAgICAgICAgIEtleTogT1ZJUlQtMTg2Nwo+
ICAgICAgICAgICAgICAgICBVUkw6IGh0dHBzOi8vb3ZpcnQtamlyYS5hdGxhc3NpYW4ubmV0L2Jy
b3dzZS9PVklSVC0xODY3Cj4gICAgICAgICAgICAgUHJvamVjdDogb1ZpcnQgLSB2aXJ0dWFsaXph
dGlvbiBtYWRlIGVhc3kKPiAgICAgICAgICBJc3N1ZSBUeXBlOiBCeS1FTUFJTAo+ICAgICAgICAg
IENvbXBvbmVudHM6IFN0YW5kYXJkIENJIChQaXBlbGluZXMpLCBTVERDSSBEU0wKPiAgICAgICAg
ICAgIFJlcG9ydGVyOiBSb21hbiBNb2hyCj4gICAgICAgICAgICBBc3NpZ25lZTogaW5mcmEKPgo+
IEluIG9yZGVyIHRvIGltcHJvdmUgdGhlIHNlbGYtc2VydmljZSBjYXBhYmlsaXRpZXMgb2Ygc3Rh
bmRhcmQtY2kgaXQgaXMKPiBpbXBvcnRhbnQgZm9yIHByb2plY3RzLCB0aGF0IHRoZXkgY2FuIGFk
ZCB0aGVpciBvd24gc2VjcmV0cyB0byBwcm9qZWN0cyAodG8KPiByZWFjaCBleHRlcm5hbCBzZXJ2
aWNlcywgZS5nLiBkb2NrZXIgaHViLCAuLi4pLgo+IFRyYXZpcyBoYXMgYSB2ZXJ5IG5pY2Ugc3lz
dGVtIHdoaWNoIGhlbHBzIGVuZ2luZWVycyB0aGVyZToKPiBodHRwczovL2RvY3MudHJhdmlzLWNp
LmNvbS91c2VyL2VuY3J5cHRpb24ta2V5cy8KPiBCYXNpY2FsbHkgdGhlIENJIHN5c3RlbSBuZWVk
cyB0byBnZW5lcmF0ZSBhIHB1YmxpYy9wcml2YXRlIGtleSBwYWlyIGZvcgo+IGV2ZXJ5IGVuYWJs
ZWQgZ2l0IHJlcG8uIFRoZSBlbmdpbmVlciBzaW1wbHkgZmV0Y2hlcyB0aGUgcHVibGljIGtleSB2
aWEgYQo+IHdlbGwga25vdyBVUkwgYW5kIGVuY3J5cHRzIHRoZSBzZWNyZXRzLiBUaGVuIHRoZSBl
bmNyeXB0ZWQgc2VjcmV0IGNhbiBiZQo+IG1hZGUgcGFydCBvZiB0aGUgc291cmNlIHJlcG8uIEJl
Zm9yZSB0aGUgdGVzdHMgYXJlIHJ1biB0aGUgQ0kgc3lzdGVtCj4gZGVjcnlwdHMgdGhlIHNlY3Jl
dHMuIFRoYW4gY2FuIHBsYXkgdG9nZXRoZXIgcHJldHR5IHdlbGwgd2l0aCBKZW5raW5zZmlsZXMK
PiB0b28uCj4gQmVuZWZpdDoKPiAgKiBMZXNzIG1hbnVhbCBpbnRlcnZlbnRpb24gZnJvbSBDSSB0
ZWFtIHRvIGFkZCBzZWNyZXRzIHRvIGpvYnMKPiAgKiBTdHJlbmd0aGVuIHRoZSBjb25maWctaW4t
Y29kZSB0aGlua2luZwoKCgotLQpUaGlzIG1lc3NhZ2Ugd2FzIHNlbnQgYnkgQXRsYXNzaWFuIEpp
cmEKKHYxMDAxLjAuMC1TTkFQU0hPVCMxMDAwNzcpCgotLS0tLS0tLS0tLS09XzE1MTczMTI3MDgt
MTIzODEtMjQxCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PSJVVEYtOCIKQ29udGVu
dC1EaXNwb3NpdGlvbjogaW5saW5lCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKCjxo
dG1sPjxib2R5Pgo8cHJlPlsgaHR0cHM6Ly9vdmlydC1qaXJhLmF0bGFzc2lhbi5uZXQvYnJvd3Nl
L09WSVJULTE4Njc/cGFnZT1jb20uYXRsYXNzaWFuLmppcmEucGx1Z2luLnN5c3RlbS5pc3N1ZXRh
YnBhbmVsczphbGwtdGFicGFuZWwgXTwvcHJlPgo8aDM+RGFuaWVsIEJlbGVua3kgdXBkYXRlZCBP
VklSVC0xODY3OjwvaDM+CjxwcmU+ICAgIENvbXBvbmVudC9zOiBTVERDSSBEU0wKU3RhbmRhcmQg
Q0kgKFBpcGVsaW5lcyk8L3ByZT4KPGJsb2NrcXVvdGU+PGgzPkFsbG93IGVtYmVkZGVkIHNlY3Jl
dHMgaW5zaWRlIHRoZSBzb3VyY2UgcmVwbyBmb3IgQ0k8L2gzPgo8cHJlPiAgICAgS2V5OiBPVklS
VC0xODY3CiAgICAgVVJMOiBodHRwczovL292aXJ0LWppcmEuYXRsYXNzaWFuLm5ldC9icm93c2Uv
T1ZJUlQtMTg2NwogUHJvamVjdDogb1ZpcnQgLSB2aXJ0dWFsaXphdGlvbiBtYWRlIGVhc3kKICAg
ICAgICAgSXNzdWUgVHlwZTogQnktRU1BSUwKICAgICAgICAgQ29tcG9uZW50czogU3RhbmRhcmQg
Q0kgKFBpcGVsaW5lcyksIFNURENJIERTTApSZXBvcnRlcjogUm9tYW4gTW9ocgpBc3NpZ25lZTog
aW5mcmE8L3ByZT4KPHA+SW4gb3JkZXIgdG8gaW1wcm92ZSB0aGUgc2VsZi1zZXJ2aWNlIGNhcGFi
aWxpdGllcyBvZiBzdGFuZGFyZC1jaSBpdCBpcyBpbXBvcnRhbnQgZm9yIHByb2plY3RzLCB0aGF0
IHRoZXkgY2FuIGFkZCB0aGVpciBvd24gc2VjcmV0cyB0byBwcm9qZWN0cyAodG8gcmVhY2ggZXh0
ZXJuYWwgc2VydmljZXMsIGUuZy4gZG9ja2VyIGh1YiwgJmhlbGxpcDspLiBUcmF2aXMgaGFzIGEg
dmVyeSBuaWNlIHN5c3RlbSB3aGljaCBoZWxwcyBlbmdpbmVlcnMgdGhlcmU6IDxhIGhyZWY9Imh0
dHBzOi8vZG9jcy50cmF2aXMtY2kuY29tL3VzZXIvZW5jcnlwdGlvbi1rZXlzLyI+aHR0cHM6Ly9k
b2NzLnRyYXZpcy1jaS5jb20vdXNlci9lbmNyeXB0aW9uLWtleXMvPC9hPiBCYXNpY2FsbHkgdGhl
IENJIHN5c3RlbSBuZWVkcyB0byBnZW5lcmF0ZSBhIHB1YmxpYy9wcml2YXRlIGtleSBwYWlyIGZv
ciBldmVyeSBlbmFibGVkIGdpdCByZXBvLiBUaGUgZW5naW5lZXIgc2ltcGx5IGZldGNoZXMgdGhl
IHB1YmxpYyBrZXkgdmlhIGEgd2VsbCBrbm93IFVSTCBhbmQgZW5jcnlwdHMgdGhlIHNlY3JldHMu
IFRoZW4gdGhlIGVuY3J5cHRlZCBzZWNyZXQgY2FuIGJlIG1hZGUgcGFydCBvZiB0aGUgc291cmNl
IHJlcG8uIEJlZm9yZSB0aGUgdGVzdHMgYXJlIHJ1biB0aGUgQ0kgc3lzdGVtIGRlY3J5cHRzIHRo
ZSBzZWNyZXRzLiBUaGFuIGNhbiBwbGF5IHRvZ2V0aGVyIHByZXR0eSB3ZWxsIHdpdGggSmVua2lu
c2ZpbGVzIHRvby4gQmVuZWZpdDo8L3A+CjxwcmU+KiBMZXNzIG1hbnVhbCBpbnRlcnZlbnRpb24g
ZnJvbSBDSSB0ZWFtIHRvIGFkZCBzZWNyZXRzIHRvIGpvYnMKKiBTdHJlbmd0aGVuIHRoZSBjb25m
aWctaW4tY29kZSB0aGlua2luZzwvcHJlPjwvYmxvY2txdW90ZT4KPHA+Jm1kYXNoOyBUaGlzIG1l
c3NhZ2Ugd2FzIHNlbnQgYnkgQXRsYXNzaWFuIEppcmEgKHYxMDAxLjAuMC1TTkFQU0hPVCMxMDAw
NzcpPC9wPgoKPGltZyBzcmM9Imh0dHBzOi8vdTQwNDM0MDIuY3Quc2VuZGdyaWQubmV0L3dmL29w
ZW4/dXBuPWk1VE1XR1Y5OWFtSmJOeEpwU3AyLTJCSjMzQlNNM3R1aVVmUlRrNjRLLTJCT2pINk9m
SHdIRjA3S2JXZ0tpVjZnbTNtQjFJSTE4QlNCdFhQUkVqMFdramZxQWdYV25zaHZObWkzZzdoZjdr
djdGcUJraTJSWnpnRmJxUm5LOWdvcXFKa2NBaXpXN25vaTdFcHlDN0N5cTRtNUxjRlk3Z0YxZGZQ
QTcxY3RESnYxaXRQNTVKNFRhSVEwT1ZPRlBLTGxFa0RxdlI1enUtMkJPaVV2TW16RUpJYk1RRWRk
NVRJWGQwRVVJclp6cFdrMEFjYnRhNWl5LTJCV2VjT0QtMkZNWUNyT3ROSmVsa1ZOYm9hdkhwZGhH
SnlNMFc4Q1F5WWZDcXlLZFlyM2xJcE5BUUgwc083M09hdmJLM2dTZ3c0WS0yRjFRU1hoR2g2QUFl
UTBUM0dXc1o1NC0yRlZsbHVUSFZYS1FSWkgxd2s0NDlkT1pNd2dIcER4UVo1NGtlMTg2bktKUkJk
Ry0yQmNGQ2d5bzRwaTNhSjN1UUkzc0JJbUZIbkZLaU92dW9rdWI0dUpVTmRoUWhUMGN4a2hNdnBH
VElvdkt1TmNQWjc1YU1TIiBhbHQ9IiIgd2lkdGg9IjEiIGhlaWdodD0iMSIgYm9yZGVyPSIwIiBz
dHlsZT0iaGVpZ2h0OjFweCAhaW1wb3J0YW50O3dpZHRoOjFweCAhaW1wb3J0YW50O2JvcmRlci13
aWR0aDowICFpbXBvcnRhbnQ7bWFyZ2luLXRvcDowICFpbXBvcnRhbnQ7bWFyZ2luLWJvdHRvbTow
ICFpbXBvcnRhbnQ7bWFyZ2luLXJpZ2h0OjAgIWltcG9ydGFudDttYXJnaW4tbGVmdDowICFpbXBv
cnRhbnQ7cGFkZGluZy10b3A6MCAhaW1wb3J0YW50O3BhZGRpbmctYm90dG9tOjAgIWltcG9ydGFu
dDtwYWRkaW5nLXJpZ2h0OjAgIWltcG9ydGFudDtwYWRkaW5nLWxlZnQ6MCAhaW1wb3J0YW50OyIv
Pgo8L2JvZHk+PC9odG1sPgoKLS0tLS0tLS0tLS0tPV8xNTE3MzEyNzA4LTEyMzgxLTI0MS0tCg==

--===============8944309294851339655==--