Bamboo Specs: using encrypted variables to configure tasks

Jean-Claude Passy January 16, 2025

Hi everyone,


I am using Bamboo specs to configure CI for my projects. My YAML files include things like:

---
repositories:
   - my_repo:
        type: git
        url: git@...
        shared-credentials: my_ssh_credentials
triggers:
  - remote:
       ip: 123.456.78.910, 123.456.78.911
notifications:
  - events:
       - plan-completed
     recipients:
         - users:
             - my_username

which are scanned successfully.
However, I would like the bold variables to NOT be stored in plain text in the YAML file. So I naively thought I could use encrypted variables:

 

---
repositories:
   - my_repo:
        type: git
        url: git@...
        shared-credentials${bamboo.sshSecrets}
variables:
  ipSecrets: BAMSCRT@abcdefgh...
  sshSecrets: BAMSCRT@bcdefghi...
  userSecrets: BAMSCRT@cdefghij...
triggers:
  - remote:
       ip: ${bamboo.ipSecrets}
notifications:
  - events:
       - plan-completed
     recipients:
         - users:
             - ${bamboo.userSecrets}
which fails at scanning with the following typical errors in the logs:
Referenced credential not found: [oid=<null>,name=${bamboo.sshSecrets},scope=GLOBAL
User "${bamboo.userSecrets}" doesn't exist

Does anyone have any suggestion on how I could make it work?

Thanks a lot,

JC

0 answers

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
9.2.21
TAGS
AUG Leaders

Atlassian Community Events