Hi everyone,
I am using Bamboo specs to configure CI for my projects. My YAML files include things like:
---
repositories:
- my_repo:
type: git
url: git@...
shared-credentials: my_ssh_credentials
triggers:
- remote:
ip: 123.456.78.910, 123.456.78.911
notifications:
- events:
- plan-completed
recipients:
- users:
- my_username
which are scanned successfully.
However, I would like the bold variables to NOT be stored in plain text in the YAML file. So I naively thought I could use encrypted variables:
---
repositories:
- my_repo:
type: git
url: git@...
shared-credentials: ${bamboo.sshSecrets}
variables:
ipSecrets: BAMSCRT@abcdefgh...
sshSecrets: BAMSCRT@bcdefghi...
userSecrets: BAMSCRT@cdefghij...
triggers:
- remote:
ip: ${bamboo.ipSecrets}
notifications:
- events:
- plan-completed
recipients:
- users:
- ${bamboo.userSecrets}
which fails at scanning with the following typical errors in the logs:
Referenced credential not found: [oid=<null>,name=${bamboo.sshSecrets},scope=GLOBAL
User "${bamboo.userSecrets}" doesn't exist
Does anyone have any suggestion on how I could make it work?
Thanks a lot,
JC