如何将远程ssh-agent连接内的凭据传输到Jenkins管道中

时间:2019-05-07 11:53:27

标签: docker jenkins ssh ssh-agent

我有一个Jenkins作业,该作业仅用于将一个docker映像从注册表移至另一个。

为安全起见,必须将docker命令运行到远程ssh连接中。我想知道如何安全地将用户名/密码传输到此远程连接,也许使用Jenkins凭据

node {
    stage('Move artifact') {
        GString imageName = "project:imageName"
        sshagent (credentials: ['ssh-credentials']) {
            runSSHCommand("docker pull source.registry/${imageName}", env.DOCKER_HOST)
            runSSHCommand("docker login destination.registry -u=${env.DOCKER_USERNAME} -p=${env.DOCKER_PASSWORD}", env.DOCKER_HOST)
            runSSHCommand("docker tag source.registry/${imageName} destination.registry/${imageName}", env.DOCKER_HOST)
            runSSHCommand("docker push destination.registry/${imageName}", env.DOCKER_HOST)
        }
    }
}

def runSSHCommand(GString command, host) {
    sh 'ssh -tt -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=no ' + host + ' "' + command + '"'
}

是否有一种安全的方法来不将$ {DOCKER_USERNAME}和$ {DOCKER_PASSWORD}放入环境变量,而是使用Jenkins的凭据?

0 个答案:

没有答案