Background
I want to integrate Bitbucket with Jenkins.
I have made plugin that I want to use.
The plugin supports HMAC and IP filtering, to limit access to it.
Problem
My current workplace has Bitbucket and Jenkins running on different networks with a proxy between. Jenkins will always see same IP from the proxy, so I cannot limit access to IP.
Technically, I could use HMAC. But the secret would have to be configured by a repo administrator, in each repo, and that "secret" is likely to not be a secret for long.
Proposed solution
I found this, listing different properties:
https://confluence.atlassian.com/bitbucketserver/bitbucket-server-config-properties-776640155.html
If there was a property like plugin.webhooks.signature.secret that can be set to a global default secret. Used for signing any webhook unless a secret is given in that repo.
What do you think?
Edit: I created: https://jira.atlassian.com/projects/BSERV/issues/BSERV-12248