I have stored a PAT in Vault and am trying to clone a private GitLab repo with this credential, but I am getting an access denied error. I'm able to clone the same repo by providing hardcoded values for the username and PAT in the clone command. Below is my pipeline snippet:
```groovy
stage('Read Secrets From Vault') {
    steps {
        withVault(configuration: [
                vaultCredentialId: "vault-token",
                vaultUrl: "https://my-vault.com"],
            vaultSecrets: [
                [
                    path: "gitlab/credentials",
                    engineVersion: 1,
                    secretValues: [
                        [envVar: "uname", vaultKey: "usr"],
                        [envVar: "pat", vaultKey: "pat"]
                    ]
                ]])
        {
            sh """
                echo ${uname} > username.txt
                echo ${pat} > token.txt
                sleep 60
            """
        }
    }
}
stage('Checkout') {
    steps {
        script {
            sh '''
                git clone https://${uname}:${pat}@gitlab-repo.git
            '''
        }
    }
}
```
I can even see the username and token in the respective txt files mentioned above.
Could someone please help me understand why this is happening? Any insights or recommendations on how to prevent this issue in the future would be greatly appreciated.
Thank you!
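
Added example, not part of the original post: the variables bound by `withVault` exist only inside its block, so in the snippet above `${uname}` and `${pat}` expand to empty strings by the time the `Checkout` stage runs. The sketch below runs the clone inside the block and passes the token to Git through an inline credential helper instead of the URL. The Vault URL, path and keys are copied from the post; `gitlab.example.com/group/project.git` is a placeholder.

```groovy
// Added example, not the poster's code. Vault URL, path and keys are copied
// from the post; gitlab.example.com/group/project.git is a placeholder.
stage('Checkout') {
    steps {
        withVault(
            configuration: [
                vaultCredentialId: 'vault-token',
                vaultUrl: 'https://my-vault.com'
            ],
            vaultSecrets: [[
                path: 'gitlab/credentials',
                engineVersion: 1,
                secretValues: [
                    [envVar: 'uname', vaultKey: 'usr'],
                    [envVar: 'pat', vaultKey: 'pat']
                ]
            ]]
        ) {
            // uname and pat exist only inside this block, so the clone
            // has to run here rather than in a later stage.
            // Single-quoted Groovy string: no Groovy interpolation, the
            // shell reads both values from its environment at run time.
            sh '''
                set -eu
                # Fail early with a clear message if Vault returned nothing.
                : "${uname:?uname not set by withVault}"
                : "${pat:?pat not set by withVault}"
                # The first -c clears any configured helpers; the second adds
                # an inline helper that answers git's credential request, so
                # the token is not part of the URL, the process arguments,
                # or the remote stored in .git/config.
                git -c credential.helper= \
                    -c credential.helper='!f() { echo "username=$uname"; echo "password=$pat"; }; f' \
                    clone https://gitlab.example.com/group/project.git
            '''
        }
    }
}
```

The debug stage that writes `username.txt` and `token.txt` is left out here because it leaves both secrets in the workspace in plain text.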