/**
 * Creates a fresh owner-only directory under {@link KeyMaterialContext#getBaseDir} for holding secret files.
 * <p>
 * The directory is named with a random UUID, created, and then restricted to mode {@code 0700}
 * before it is returned. Nothing is written into it here; callers place their secrets in the
 * returned path only after this method has completed.
 * <p>
 * Callers must {@link FilePath#deleteRecursive} the directory from {@link KeyMaterial#close},
 * otherwise the secret files stay on disk after use.
 * <p>
 * NOTE(review): {@link FilePath#chmod} is documented as a no-op on Windows, so the mode
 * restriction only protects POSIX nodes; confirm whether Windows agents need an ACL-based equivalent.
 *
 * @return the newly created, permission-restricted directory
 * @throws IOException          propagated from the {@link FilePath} operations
 * @throws InterruptedException propagated from the {@link FilePath} operations
 */
protected final FilePath createSecretsDirectory() throws IOException, InterruptedException {
    final FilePath baseDir = getContext().getBaseDir();
    final String uniqueName = UUID.randomUUID().toString();
    final FilePath secretsDir = new FilePath(baseDir, uniqueName);

    // The directory has to exist before its mode can be changed.
    secretsDir.mkdirs();
    // rwx for the owner only: a directory needs the search (x) bit for its own files to be reachable.
    secretsDir.chmod(0700);
    return secretsDir;
}
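/**
 * Materializes the Docker TLS client credentials as files and returns the environment that points at them.
 * <p>
 * When {@code key}, {@code cert} and {@code ca} are all set, they are written as {@code key.pem},
 * {@code cert.pem} and {@code ca.pem} into a new randomly named directory under the context base
 * directory, and {@code DOCKER_TLS_VERIFY} / {@code DOCKER_CERT_PATH} are set accordingly.
 * If any of the three is missing, no files are written and the returned key material carries an
 * empty environment.
 * <p>
 * The directory is created and restricted to owner-only access ({@code 0700}) <em>before</em> the
 * private key is written. The previous code called {@code chmod(0600)} on a path it had never
 * created, and {@code 0600} omits the search bit a directory needs, so the restriction could not
 * be relied on to protect {@code key.pem}.
 *
 * @return key material exposing the Docker TLS environment variables; presumably it removes the
 *         temporary directory on close (the {@code ServerKeyMaterial} constructor is not visible here; verify)
 * @throws IOException          propagated from the {@link FilePath} operations or {@code copyInto}
 * @throws InterruptedException propagated from the {@link FilePath} operations or {@code copyInto}
 */
@Override
public KeyMaterial materialize() throws IOException, InterruptedException {
    EnvVars e = new EnvVars();
    if (key != null && cert != null && ca != null) {
        final FilePath tempCredsDir = new FilePath(getContext().getBaseDir(), UUID.randomUUID().toString());

        // Protect this information from prying eyes: the directory must exist before chmod can
        // take effect, and it must be locked down before any secret is placed inside it.
        // These are the same steps createSecretsDirectory() performs; call that helper instead
        // if this class inherits it.
        tempCredsDir.mkdirs();
        tempCredsDir.chmod(0700);

        // These file names are defined by convention by docker.
        // NOTE(review): the mode of the individual files depends on copyInto, which is not visible
        // here; the directory mode above is what keeps other local users out.
        copyInto(tempCredsDir, "key.pem", key);
        copyInto(tempCredsDir, "cert.pem", cert);
        copyInto(tempCredsDir, "ca.pem", ca);

        e.put("DOCKER_TLS_VERIFY", "1");
        e.put("DOCKER_CERT_PATH", tempCredsDir.getRemote());
        return new ServerKeyMaterial(e, tempCredsDir);
    }
    return new ServerKeyMaterial(e);
}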