Reputation: 5782
We are trying to use AWS DynamoDB (with KMS-encrypted values) to store our secrets rather than using Jenkins Credentials. This is advised by our security team.
I am able to fetch secrets (Git username and password) as variables on Jenkins slaves, but I am not sure how to use them to check out the Git repository.
This is our existing code:

```groovy
stage('SCM Checkout') {
    checkout([$class: 'GitSCM', branches: [[name: "*/${GIT_BRANCH}"]],
        doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [],
        userRemoteConfigs: [[credentialsId: 'GIT_PASSWORD', url: "${GIT_URL}"]]])
}
```

I want to use the variables GIT_USER and GIT_PASSWORD (fetched from AWS) instead of using credentialsId.
Upvotes: 3
Views: 3915
Reputation: 5782
Okay, I have finally come up with a solution by using an SSH key. In my server startup script (AWS user data), I have fetched (from DynamoDB) the keys and username of my Git repository (AWS CodeCommit) and stored them in the ~/.ssh/sshkey and ~/.ssh/config files respectively.

Here is my ~/.ssh/config file:

```
Host git-codecommit.<my_aws_region>.amazonaws.com
    User <my_user>
    StrictHostKeyChecking no
    IdentityFile ~/.ssh/sshkey
    PreferredAuthentications publickey
```
And here is the stage to check out the Git repository:

```groovy
stage('Checkout SCM') {
    git url: 'ssh://git-codecommit.<my_aws_region>.amazonaws.com/v1/repos/<my_repo>', branch: '<my_branch>'
}
```

This is not exactly what I was looking for at the start, but it solves my issue.
Upvotes: 2
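The startup-script step described in the answer above, as an added example that is not part of the original post: a shell function that installs the fetched key and SSH config with owner-only permissions and pins the Git server's host key in a dedicated known_hosts file, so host key verification stays on (a deliberate change from the `StrictHostKeyChecking no` line in the posted config). The function name `install_git_ssh`, the file name `known_hosts_git`, and the argument layout are assumptions; the host key line must come from the Git provider's published keys.

```shell
#!/bin/sh
# Added example (hypothetical helper name, constructed layout).
# install_git_ssh DIR HOST USER KNOWN_HOSTS_LINE  < private-key
# The private key arrives on stdin so it never shows up in argv, the
# environment, or shell history.
install_git_ssh() {
    dir=$1; host=$2; user=$3; hostkey=$4
    [ -n "$dir" ] && [ -n "$host" ] && [ -n "$user" ] && [ -n "$hostkey" ] || return 2

    old_umask=$(umask)
    umask 077                              # new files 0600, new dirs 0700
    mkdir -p "$dir" && chmod 700 "$dir" || { umask "$old_umask"; return 1; }

    cat > "$dir/sshkey"
    if [ ! -s "$dir/sshkey" ]; then        # empty fetch: fail, leave no key file
        rm -f "$dir/sshkey"; umask "$old_umask"; return 3
    fi

    # Pin the server's public host key rather than disabling verification.
    printf '%s\n' "$hostkey" > "$dir/known_hosts_git"

    cat > "$dir/config" <<EOF
Host $host
    User $user
    IdentityFile $dir/sshkey
    IdentitiesOnly yes
    PreferredAuthentications publickey
    StrictHostKeyChecking yes
    UserKnownHostsFile $dir/known_hosts_git
EOF
    # Fix modes explicitly in case the files already existed with wider ones.
    chmod 600 "$dir/sshkey" "$dir/config" "$dir/known_hosts_git"
    umask "$old_umask"
}
```

In user data, pipe the output of whatever command prints the decrypted key into `install_git_ssh "$HOME/.ssh" <host> <user> "<host key line>"` and abort the bootstrap on a non-zero return.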