Credential Types allow you to specify what kind of credential will be used within FlexDeploy. Currently, the supported types are: Secret Text, SSH Key, and Certificate.
Secret Text
Secret Text credentials have an input for text that will be encrypted. These are commonly associated with passwords.
...
Input Name | Description | Input Type | Required |
---|---|---|---|
Secret Text | Text that will be stored in encrypted format | Text | Yes |
A secret text credential that is assigned to an encrypted property within FlexDeploy can be referenced by using the code of the property it was assigned to. Since there is only one input value, no suffix needs to be appended, unlike SSH Key or Certificate credentials.
SSH Key
SSH Key credentials support a private key file upload and an optional input for a passphrase. You will be able to download the public key based on the private key that is uploaded.
...
Input Name | Description | Input Type | Required |
---|---|---|---|
SSH Key | SSH Key which will have its content stored in encrypted format. | File | Yes |
Passphrase | Passphrase for accessing the SSH key (optional). | Text | No |
Referencing SSH Key Values As Properties
An SSH Key credential that is assigned to an encrypted property within FlexDeploy can be referenced for property replacement or groovy variables. To reference the private key, use the property code alone. To access the passphrase, append the suffix _PASSPHRASE (case sensitive) to the property code.
For example, we have an encrypted property on this workflow with the code ENDPOINT_SSH_KEY.
...
We could have a step in our workflow that executes a shell script to make an SSH connection using the property configured on the project. Below is an example of referencing our property in a groovy script, but it would be similar for environment variables or property replacement within files. To access the private key, we would use the code ENDPOINT_SSH_KEY. To access the passphrase, it would be ENDPOINT_SSH_KEY_PASSPHRASE. Note that referencing the passphrase like this could fail if the actual value of the property during execution is not an SSH Key type credential.
...
Troubleshooting SSH Key Credentials
Invalid Format
If an error that occurs when using an SSH Key credential includes the message “invalid format”, the key may not have been formatted properly when it was uploaded.
...
The private key file must have Unix EOL characters, and must have an empty line at the end of the file. A private key generated using OpenSSH will have Unix EOL characters even if it is generated on a Windows machine. The screenshot below is an example of the proper EOL format. The actual key content itself does not matter, but notice the End of Line characters. You can enable the EOL symbols in Notepad++ by clicking View → Show Symbol → Show End of Line.
...
Copying the content of an existing private key to a new file may result in improper formatting. Here is an example of an invalid format which would cause the error shown above.
...
Similarly, the file may have Windows EOL characters, which will appear as CR LF. To convert to Unix EOL characters in Notepad++, you can use Edit → EOL Conversion → Unix to correct it.
...
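The same check can be scripted before a key is uploaded. The following is an added example, not FlexDeploy code: the function names are hypothetical, the sample file is constructed placeholder text rather than a real key, and "an empty line at the end of the file" is taken to mean that the file ends with a newline character.

```shell
#!/bin/sh
# Added example: report and repair the two formatting problems described
# above (CR LF line endings, no newline at end of file) in a key file.

# Print one word per problem found; print nothing when the file is clean.
key_format_problems() {
    f=$1
    [ -s "$f" ] || { echo "empty-or-missing"; return 0; }
    cr=$(printf '\r')
    # Any carriage return means Windows (CR LF) or mixed line endings.
    if grep -q "$cr" "$f"; then echo "crlf"; fi
    # $(...) strips a trailing LF, so non-empty output means the last
    # byte of the file is not a newline.
    if [ -n "$(tail -c 1 "$f")" ]; then echo "no-final-newline"; fi
}

# Write a repaired copy: CRs removed, final LF added only if it is missing.
normalize_key() {
    src=$1; dst=$2
    (
        umask 077    # a newly created copy is readable by its owner only
        tr -d '\r' < "$src" > "$dst"
        [ -z "$(tail -c 1 "$dst")" ] || printf '\n' >> "$dst"
    )
}

# Constructed sample: placeholder text, not a real key. Only the line
# endings matter for this check.
demo=$(mktemp -d)
printf '%s\r\n%s\r\n%s' '-----BEGIN PLACEHOLDER-----' 'AAAA' \
    '-----END PLACEHOLDER-----' > "$demo/copied_key"
key_format_problems "$demo/copied_key"     # reports both problems
normalize_key "$demo/copied_key" "$demo/fixed_key"
key_format_problems "$demo/fixed_key"      # reports nothing
rm -rf "$demo"
```

The original file is left untouched, so the repaired copy can be compared against it before upload.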
Permission denied (publickey)
This error shows up when trying to connect to a GitHub GIT repository.
...
The most common reasons for this error are:
- Public key is not uploaded to a user’s GIT account. Instructions on how to do this will vary by GIT provider, but here is a link on how to do it in GitHub: https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account
- Passphrase is incorrect for connecting with the private key
- GIT URL could be incorrect
- Authenticating user may not have access to the repository in the GIT URL property

A couple of other reasons could be:
- The system that is authenticating with GIT has an old version of OpenSSH (could use SHA-1 signing of keys) that does not support handling keys generated from a newer version (SHA-2 signature). In that case a newer SHA-2 signed key is being accessed by an older version of OpenSSH that is only aware of SHA-1 signing. Additionally, most GIT providers will only accept SHA-2 signed keys. Please ensure that the OpenSSH version installed is 8.0+ on systems that will be performing GIT operations.
- The system that is authenticating with GIT is Windows-based and is running a version of OpenSSH that is less than 8.4. Please see the Executing On Windows Endpoint With GIT Plugin section below.
Executing On Windows Endpoint With GIT Plugin
When executing GIT plugin operations on a Windows system, FlexDeploy uses the SSH_ASKPASS_REQUIRE environment variable to supply the passphrase of the private key. This environment variable was introduced in OpenSSH 8.4, so for Windows-based endpoints the recommended OpenSSH version is 8.4+. If the version is <8.4, SSH Keys with passphrases will not work when connecting to GIT repositories, and the attempt will result in an error that includes the message “Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.” This message can be misleading, as many factors can cause it. Note that this is not limited to the GIT plugin: an SSH connection made through a custom groovy script or shell script within a workflow could result in a similar issue.
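Because the error text does not identify the OpenSSH version as the cause, it helps to check the version directly against the two thresholds this page gives (8.0 and 8.4). The following is an added example, not FlexDeploy code: the function names and result labels are hypothetical, and it assumes a POSIX shell on the endpoint (for example Git Bash on Windows).

```shell
#!/bin/sh
# Added example: classify an endpoint by the version banner that
# `ssh -V` prints, using the thresholds stated on this page.

# Print "major minor" parsed from a banner such as
#   OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
#   OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
# Prints nothing if the banner is not recognised.
openssh_version() {
    printf '%s\n' "$1" | sed -n \
      's/^OpenSSH_\(for_Windows_\)\{0,1\}\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\2 \3/p'
}

# Succeed if the banner's version is at least want_major.want_minor.
openssh_at_least() {   # args: banner want_major want_minor
    v=$(openssh_version "$1")
    [ -n "$v" ] || return 2            # unparseable banner: unknown
    major=${v% *}; minor=${v#* }
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# Map a banner to one of four labels:
#   ok                  8.4+: SSH_ASKPASS_REQUIRE is available
#   no-askpass-require  8.0 to 8.3: keys with passphrases fail on Windows endpoints
#   too-old             below 8.0: below the minimum stated for GIT operations
#   unknown             banner could not be parsed
git_ssh_readiness() {
    if ! openssh_version "$1" | grep -q .; then echo "unknown"
    elif openssh_at_least "$1" 8 4; then echo "ok"
    elif openssh_at_least "$1" 8 0; then echo "no-askpass-require"
    else echo "too-old"
    fi
}

# ssh -V writes its banner to stderr, hence the redirect.
git_ssh_readiness "$(ssh -V 2>&1)"
```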
Certificate
Certificate credentials support a certificate file upload and an optional password.
...
Input Name | Description | Input Type | Required |
---|---|---|---|
Certificate | Certificate which will have its content stored in encrypted format. | File | Yes |
Password | Password for accessing the certificate (optional). | Text | No |
Referencing Certificate Values As Properties
A Certificate credential that is assigned to an encrypted property within FlexDeploy can be referenced for property replacement or groovy variables. To reference the certificate, use the property code alone. To access the password, append the suffix “_PASSWORD” (case sensitive) to the property code.
For example, we have an encrypted property on this workflow with the code WEB_CERTIFICATE.
...
We could have a step in our workflow that executes an operation to connect to an external system using the certificate of the property configured on the project. Below is an example of referencing our property in a groovy script, but it would be similar for environment variables or property replacement within files. To access the certificate, we would use the code WEB_CERTIFICATE. To access the password, it would be WEB_CERTIFICATE_PASSWORD. Note that referencing the password like this could fail if the actual value of the property during execution is not a Certificate type credential.
...
FLEXDEPLOY Credential Value Functions
For any groovy script that has access to the FLEXDEPLOY variable, there are methods for accessing the plain text values of a given credential id or name.
Method | Description |
---|---|
FLEXDEPLOY.getCredentialSecretTextValueById(credentialId) | Returns the plain text value String of the given Credential id. The id must belong to a credential of type Secret Text. |
FLEXDEPLOY.getCredentialSecretTextValueByName(credentialName) | Returns the plain text value String of the given Credential name. The name must belong to a credential of type Secret Text. |
FLEXDEPLOY.getCredentialValueById(credentialId) | Returns an object containing the plain text values depending on the credential type of the provided id. Secret Text → CredentialSecretTextValuePojo; SSH Key → CredentialSshKeyValuePojo; Certificate → CredentialCertificateValuePojo |
FLEXDEPLOY.getCredentialValueByName(credentialName) | Returns an object containing the plain text values depending on the credential type of the provided name. Secret Text → CredentialSecretTextValuePojo; SSH Key → CredentialSshKeyValuePojo; Certificate → CredentialCertificateValuePojo |
CredentialSecretTextValuePojo
Method | Description |
---|---|
getSecretText() | Returns the secret text value of this credential. |
CredentialSshKeyValuePojo
Method | Description |
---|---|
getSshKey() | Returns the private key value of this credential. |
getSshKeyPassphrase() | Returns the passphrase value of this credential. |
CredentialCertificateValuePojo
Method | Description |
---|---|
getCertificate() | Returns the certificate value of this credential. |
getCertificatePassword() | ... |
Once a credential is created, the credential type cannot be modified.