Skip to content

Add Opensearch 1P service account token#208

Open
detjensrobert wants to merge 2 commits intolfit:mainfrom
detjensrobert:dr/opensearch-1p-eso
Open

Add Opensearch 1P service account token#208
detjensrobert wants to merge 2 commits intolfit:mainfrom
detjensrobert:dr/opensearch-1p-eso

Conversation

@detjensrobert
Copy link
Contributor

@detjensrobert detjensrobert commented Feb 5, 2026
edited
Loading

This adds the 1Password service account token for the Opensearch account that is used to fetch job secrets via the 1Password Jenkins plugin. This only adds the envvar placement into the Jenkins and does not configure the 1P plugin in the JCASC.

Issue ref: https://jira.linuxfoundation.org/browse/IT-29070

@detjensrobert
Fetch Opensearch 1P service account token for 1P Jenkins plugin
d6d6706 
This secret is originally from the Opensearch account Shared vault, but
has been copied to the LF account Release Engineering vault so that it
can be automatically rotated by the existing ESO.

(This doesn't make sense to set up as its own second ESO store, since the
cluster will not be fetching any other secrets from the Opensearch vault;
the 1Password Jenkins plugin will be doing the fetching from the jobs which
does not involve the cluster ESO)

Signed-off-by: Robert Detjens <rdetjens@linuxfoundation.org>
@detjensrobert
Remove duplicated 1P service account envvar
ed5ce20 
The `op` cli is not used by the Jenkins controller and this token is only
used by the JCASC to configure the plugin. The jobs that fetch 1P secrets
get the token from the plugin config not this envvar.

Signed-off-by: Robert Detjens <rdetjens@linuxfoundation.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@detjensrobert