JCasC should be able to handle multiple secret sources

[CzapBran]

What feature do you want to see added?

Currently, it seems it's only possible to have one Secret Source set for the CasC plugin. For example, I have the following use case:

We have connected our Jenkins server to pull secrets from an Azure Key Vault. When the CASC plugin starts up, it fetches the auth token to the KeyVault, and performs the String interpolation in our yaml files. However, we are deploying to staged environments, so we have some "secret" values in our CasC that are not really secret, such as Urls or ID names. I don't want to store these values in my actual Key Vault, as they aren't really secret values, and that causes a large overhead to track when viewing the vault.

Our deployment uses Overlays to set values based on Environment. In my current setup, I would like the ability to set these URLs and IDs as environment variables in those files, and then after the CasC plugin searches through the vault for my actual secrets, it looks into the environment variables to have another pass at string interpolation for non-secret values from my overlays.

As it stands right now, if I set these as ENV variables, they resolve to null once Jenkins is set up. Again, I would like to see the CasC at least check the ENV variables if any values were missing after the first passthrough.

Upstream changes

I don't think this should impact any other plugins.

[henrykie]

Any update on this?