Hello Dear Coders,
Last time I wrote an article regarding security with Nexus and NPM Packages. Once your packages are secure, how do your CI Builds are supposed to work and do things like npm install or how can they run your docker containers?
This article will show you how to do that if you are using Bamboo.
Bamboo has some 2 types of variables:
- global variables
- plan specific variables
If the global variables share the same name as the plan specific variables, then the plan specific variable will overwrite the global variable.
How to define a global variable:
- Go to Bamboo and open administrator panel by clicking the cogwheel
- From the left panel, under Build Resources choose Global Variables
- Create a new variable by giving it a name and a value and click Add.
How to define a plan variable:
- Go to the Plan and press E(dit) key or go to Actions and click Configure plan
- Go to Variables
- The same step as on global variable
Now you can use that variable in your plans. But what about sensitive information ?
Bamboo provides us with a feature that allows us to store sensitive information. If your variable name contains one of the keywords "PASSWORD" or "SECRET", it will automatically encrypt that information
That's a very nice feature and very helpful.
After the variables are configured, we can create our task and use our variables like this:
export PORT=${bamboo.PORT}
echo \_auth = ${bamboo.SECRET_NEXUS_AUTH} >> .npmrc
./docker-build.sh ${bamboo.CONTAINER_NAME} ${bamboo.PORT}
In your build logs, you will see that the variables are encrypted and the sensitive data is not stored.
The same way you can use the variables in your deployment tasks.
Thanks for reading and I hope this will bring a bit of security to your projects. Comments are welcome ! :)
Top comments (0)