'How to use certificate credentials at Jenkins server?
I have created Certificate type of credential at Jenkins server. How to use it to sign files?
Aim is to sign Windows files using signcode and to sign jar files using jarsigner.
Please note: Credential is global and should be available at every Jenkins node. I do not have access to Jenkins slaves and I cannot put manually certificate to file system.
Solution 1:[1]
Here's how to sign jar files -- I'm not sure how to configure signcode.
If you have a PKCS#12 keystore, from the Jenkins Dashboard/Manage Jenkins/Manage credentials/Jenkins/Global credentials/Add credentials select Kind: Certificate and Id: my-signing-credentials (for example).
If you're using a declarative Jenkinsfile, you can use withCredentials.
Jenkinsfile:
pipeline {
stages {
stage('Build') {
steps {
withCredentials([certificate(
credentialsId: 'my-signing-credentials',
keystoreVariable: 'my.keystore',
aliasVariable: 'my.alias',
passwordVariable: 'my.password')]) {
withMaven {
sh 'mvn deploy'
}
}
}
}
}
}
If you're using a Jenkins Maven job, go to Configure/Build Environment/Use secret text(s) or file(s)/Bindings/Add/Certificate and enter the keystore variable (my.keystore), password variable (my.password) and alias variable (my.alias) and select your signing credential from the popup menu.
Reference these same variables in your pom.xml:
<project>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<version>3.0.0</version>
<executions>
<execution>
<id>sign</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<keystore>${my.keystore}</keystore>
<alias>${my.alias}</alias>
<storepass>${my.password}</storepass>
</configuration>
</plugin>
</plugins>
</build>
</project>
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 |