Setting up a HashiCorp Vault

Why do you want your own Vault for your DevOps pipeline?

Todo: Add some motivational stuff here

Setup using Docker on my server without reading the docs first

As usual I set up all of the required tools as Docker containers. Luckily HashiCorp provides a ready image which just needs to be started, and then the UI is readily accessible on port 8200 for your HTTP requests. Due to some other maintenance on the server I had to reboot the server, but this is no issue as the Docker container can be configured to restart automatically.

After the reboot somehow the whole pipeline did not work anymore. It was as if the credentials did not work anymore. In fact it was even worse: all configuration, ACLs, roles and secrets were gone from Vault.

Going back to the Docker Hub page and reading up on the Development mode revealed that NO DATA will be persisted, as everything will be in-memory. Please write this as a BIG disclaimer on top of the page!!!
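A preflight check for this failure mode, as an added example that is not from the original post: it classifies the table output of vault status so a pipeline can stop early when Vault runs on in-memory storage or has come back sealed after a restart. It assumes a Vault version that prints a "Storage Type" row; the function name and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Reads `vault status` table output on stdin and prints one verdict:
#   ok | ephemeral | sealed | unknown   (exit status 0 | 1 | 2 | 3)
# Assumption: the Vault version in use prints a "Storage Type" row.
vault_preflight() {
    awk '
        $1 == "Storage" && $2 == "Type" { storage = $3 }
        $1 == "Sealed"                  { sealed = $2 }
        END {
            # Missing rows: report unknown instead of guessing.
            if (storage == "" || sealed == "") { print "unknown"; exit 3 }
            # Dev mode uses the in-memory backend: a restart wipes everything.
            if (storage ~ /^inmem/) { print "ephemeral"; exit 1 }
            # Persistent storage, but a restarted Vault stays sealed until unsealed.
            if (sealed == "true") { print "sealed"; exit 2 }
            print "ok"
        }'
}

# Constructed, abridged sample: server started in dev mode.
sample_dev_mode() {
    cat <<'EOF'
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Storage Type    inmem
EOF
}

# Constructed, abridged sample: file storage, container just restarted.
sample_after_restart() {
    cat <<'EOF'
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          true
Storage Type    file
EOF
}

for sample in sample_dev_mode sample_after_restart; do
    printf '%s: %s\n' "$sample" "$("$sample" | vault_preflight)"
done
```

In a pipeline the real output would be piped in, for example vault status | vault_preflight || exit 1, before any job tries to read secrets.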

So I just configured the ACLs, auth methods and secrets again. For the integration in Jenkins I used the new HashiCorp Vault Plugin version 3. Unfortunately this plugin is still a bit buggy, as I was constantly greeted with this exception:

    java.lang.UnsupportedOperationException: Refusing to marshal java.io.PrintStream for security reasons; see https://jenkins.io/redirect/class-filter/
        at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:543)
        at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
        at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
        at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
        at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:262)
        at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:249)
    Caused: java.lang.RuntimeException: Failed to serialize com.datapipe.jenkins.vault.VaultBuildWrapper#logger for class com.datapipe.jenkins.vault.VaultBuildWrapper
        at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:253)
        at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:221)
        at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
        at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:207)
        at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:148)
        at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
        at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
        at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
        at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
        at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
        at hudson.util.DescribableList$ConverterImpl.marshal(DescribableList.java:269)
        at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
        at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
        at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
        at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:262)
        at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:249)
    Caused: java.lang.RuntimeException: Failed to serialize hudson.model.Project#buildWrappers for class hudson.model.FreeStyleProject
        at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:253)
        at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:221)
        at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
        at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:207)
        at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:148)
        at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
        at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
        at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
        at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
        at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
        at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
        at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
        at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
        at hudson.XmlFile.write(XmlFile.java:195)

This is a known bug, JENKINS-59836, that has already existed for two months.