Chapter 1. Adding secrets and environment variables to Jenkins for integration with external tools

Procedure

1. Open your Jenkins instance in a web browser and log in with your admin credentials.
2. Select your username at the top right corner of the Jenkins dashboard.
3. From the left sidebar, select Manage Jenkins.
4. In the Security section select Credentials.
5. Under Stores scoped to Jenkins select System.
6. Choose a domain where you want to add the credentials. Typically, it’s Global credentials (unrestricted), click this domain name.
7. Select Add Credentials.
8. From the Kind drop-down list, select Secret text.
9. Keep the default value in the Scope drop-down list as Global (Jenkins…​).
10. Enter information related to your secret in the UI fields.
11. Select Create.

12. Repeat steps 7-11 to add the following credentials:

    Note

    For image registries, Quay is the default option. To use JFrog Artifactory or Sonatype Nexus, uncomment lines with corresponding variables in 2 Jenkinsfiles in both the gitops-template and source-repo folders in your cloned tssc-sample-templates GitHub repository.

    Expand

    Table 1.1. Image registry and GitOps secrets

    Variable	Description
    QUAY_IO_CREDS	Username and password for accessing your Quay.io repository. This is the default option that is uncommented in Jenkinsfiles.
    ARTIFACTORY_IO_CREDS	Username and password for accessing your JFrog Artifactory repository.
    NEXUS_IO_CREDS	Username and password for accessing your Sonatype Nexus repository.
    GITOPS_AUTH_PASSWORD	The token the system uses to update the GitOps repository for newly built images.

    Show more
    Expand

    Table 1.2. Secrets required for ACS and SBOM tasks

    Variable	Description
    ROX_API_TOKEN	API token for accessing the ROX server.
    COSIGN_SECRET_PASSWORD	Password for Cosign signing key.
    COSIGN_SECRET_KEY	Private key for Cosign.
    TRUSTIFICATION_OIDC_CLIENT_SECRET	Client secret used alongside the client ID to authenticate to the Trustification Bombastic API.

    Show more

13. Rerun the last pipeline run.

    1. Alternatively, switch to you application’s source repository in GitHub, make a minor change, and commit it to trigger a new pipeline run.

Procedure

1. From the left sidebar, select Manage Jenkins.
2. In the System Configuration section select System.
3. On the System page scroll down to find the Global properties section.
4. Select Environment variables > Add

5. Add key-value pairs for the following environment variables:

   Expand

   Table 1.3. GitOps variable

   Variable	Description
   GITOPS_AUTH_USERNAME (optional)	The variable required for Jenkins to work with GitLab.

   Show more
   Expand

   Table 1.4. Variables required for ACS and SBOM tasks

   Variable	Description
   ROX_CENTRAL_ENDPOINT	Endpoint for the ROX Central server.
   COSIGN_PUBLIC_KEY	Public key for Cosign.
   TRUSTIFICATION_BOMBASTIC_API_URL	URL for Trustification Bombastic API used in SBOM generation.
   TRUSTIFICATION_OIDC_ISSUER_URL	OIDC issuer URL used for authentication when interacting with the Trustification Bombastic API.
   TRUSTIFICATION_OIDC_CLIENT_ID	Client ID for authenticating to the Trustification Bombastic API using OIDC.
   TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION	Specifies the CycloneDX SBOM version that is supported and generated by the system.

   Show more

   Optional: Set the Rekor and TUF variables if Jenkins doesn’t run on a local OpenShift instance, and the Rekor and TUF services are on different clusters. Also, uncomment lines with Rekor and TUF variables in a Jenkinsfile in your cloned tssc-sample-templates repository.

   Expand

   Table 1.5. Rekor and TUF variables

   Variable	Description
   REKOR_HOST	URL of your Rekor server.
   TUF_MIRROR	URL of your TUF service.

   Show more

6. When you added all variables, select Save.
7. Rerun the last pipeline run.