From YouTube: GSoC 2021 Git credentials binding 2021 06 04
Description
Google Summer of Code 2021 mentoring session for the Jenkins git credentials project. Topics include ssh private key management with Java APIs and the username / password credential binding.
A
A
B
Yeah, I just wanted to know, like, is there a fixed number of meetings that we have to have every week during the coding phase? Also.
A
So what we may want to do is bring that to the next meeting, when we've got Justin there, and Rishabh, first meeting next week, because I think they may be willing to say, let's switch to once a week rather than doing twice a week, if you think it will work for you, or once a week plus the option, if you say, hey, I have a question, they're happy to meet separately. So I believe in the past, or I think last year, we did one meeting a week and it was sufficient, particularly since this year your expected time is actually less per week than last year's was, right.
A
C
A
Was just asking a question that I proposed to have answered, Tues-, in the next meeting, about how many times a week to meet during the coding phase. Coding phase starts next Monday. And Rishabh, do I remember correctly that we only met once a week during coding phase, but we used to face... Okay, so open to both. It's something to negotiate with the mentors.
C
A
B
A
And are you using the same credential ID in the git step as you are in the... oh? Yes, you are, it's the same. Good, very good. Okay, so good confirmation that it works.
A
A
A
B
B
Yeah, if I have to, I mean, fetch dj, like, I am pushing the tag, but I have to fetch the changes again. I'm not sure because, but it is causing error if I don't use this step.
A
A
B
A
B
A
That, if I remember right, there is actually code inside the git plug-in or the git client plug-in that does some very explicit deletion of remote tags, because command line git has changed its behavior over its lifetime for that. But this is great. What you're doing is good. Okay, so you clone the remote repository, delete the v3 tag from the remote, clone it again so that the deletion is now recorded locally, and then you're going to tag, push the tag, and you're going to push the branch named main as well.
B
C
Work, was there a missing bracket there?
B
B
A
Okay, but we can actually adjust that as well. So this is trying to apply the tag locally. So let's adjust inside your pipeline and let's do the tag deletion locally.
A
B
B
A
B
D
A
A
B
B
B
B
A
A
B
A
B
A
A
B
A
So open up the pipeline editor again, let's take a look at it. Maybe we're just missing a closing double quote.
A
Yes, look at that. I don't know why it ever worked. Line 20.
A
A
A
B
A
A
A
C
So I have a question. So the process here is that Harshit is testing the bindings, and password bindings, for the multiple platforms with multiple executives, and then the steps to be sure that this is working: the first is the interactive testing we're doing right now, and after that, we're going to look at automated tests, or we're going to look at adding this to git client plugin and then look at those things. How are we sure that this is going to work and we're not missing edge cases?
C
Okay, I just wanted to know that, since this is so, we will of course have interactive testing too. It's kind of a sanity check. I assume that, okay, this is working and the binding works for the commands, but so you're saying that you're going to cover, going to write automatic test cases for the binding in the git client project.
C
A
So, at least for me, that was quite challenging. Writing automated tests for authentication cases usually means sharing a credential publicly, and that, for me, never worked. I just wasn't willing to share a credential publicly. So there are some tests, either in the git plug-in or the git client plug-in, that use a technique of relying on the existence of a file on the local disk to provide those credentials, and if the file doesn't exist, the test is skipped. So you could consider doing something like that, Harshit.
A
There are also tests in the git plug-in that use a pipeline, and they actually express pipeline in the test, and that again could be a good place to put that kind of a test, where you say: if this special file exists on the disk, and it contains a username password pair, then use that username password pair to create a Jenkins credential and use that credential to run this test.
A
But for me, that's relatively... well, that's relatively exotic. It'd be really great if you could figure out how to do that, but I would think, at least for me, I'm more concerned with getting you through username password and getting it released than I am worrying about if you get detailed test automation for the authentication cases. Now Rishabh, you may have a different opinion there, a different view. I just think of, I was assuming it's going to be quite difficult to write authentication test cases.
C
That's... I was just saying automated test cases because I just thought that interactive testing, I think it's a great thing to do and it's the best thing to do right now. So it's just that sometimes you tend to miss some cases and then we get bugs. But I understand the case here, and writing automated test cases is going to take a lot of considerable time of our shifts and we already.
A
A
Yeah, see, for me, I was thinking, if we accept that username password, we want to get it implemented and released as quickly as possible, so that Harshit has been through the experience of going all the way to shipping code, and we do that just as quickly as he can, after he's done all the interactive testing, it's been code reviewed, etc.
A
A
Right, because it's got this problem in spades, right? It has this problem everywhere. Everything it does is binding a credential, and how did Jesse write tests for that thing? And the answer is, I don't know how he did it. But it certainly wouldn't be harmful to look at what he did and see how he did it.
C
I should... maybe that could be a good exercise for you, to look at those tests, and if you can, you can see and then estimate how much of an effort that looks like to you. If it looks like something we could easily put to git client back in this environment.
C
It's okay! I don't... it's not like, yeah, it is a necessary step, because, of course, what Marcus said makes total sense. So releasing the user password binding first, which is sufficient. Interactive testing would be a great... let's progress, and then you would have a lot of material for the phase one evaluations as well. So I think it would be a good, systematic way to do it. But yeah, good. Look at the credentials binding tagging first, to estimate that effort.
C
I actually explored a little bit on the last topic. Last time we were discussing that, is converting OpenSSH private keys to PEM files using Bouncy Castle.
C
I have to show some code I tried. I haven't reached... I could not convert it into a PEM. I basically hash it. What we want is that we want the private key, right? We want to generate a private key from the whatever key we are trying to ingest.
C
C
C
C
So what I've essentially done is that I have... so they have a way of ingesting the file, which is to decode, base64 decode, and replace the headers, and so I was able to create the spec.
C
The problem I'm facing is in generating the private key. It's a weird one: it says that it does not support the encoding type. Oh.
C
So it's not an RSA, definitely, because if it was RSA then it would have said here, right?
A
Well, at least mine, I had at least one case where it didn't tell me it was RSA, but I knew it was.
A
Think there is an ss... let's see, what is it? Let me do a quick look.
D
C
So what I want to... so in their own code, what they're telling us is that this is how you could use SSH private key, and so it tries to figure out the encoded algorithm as well, I think, in the code, but.
B
C
Says that you create the private spec. This is the way they have created the key factory as well. They've used the Bouncy Castle provider, and the algorithm is taken as RSA, and yeah, and then generate the private key from this. So it's just the matter of having the key factory. Once you have the instance of the key factory, then it's all about generating the private key.
C
C
It doesn't support the existence, very existence of OpenSSH in its priorities, the new format, but this leads to... I think we could do it. I'm not sure why it's not supporting the encoding. I did ask the same question in their mailing chat, in the Bouncy Castle chat, but I haven't received a reply yet. Maybe what you're saying, Mark, is that maybe the algorithm is different, so you're saying that I should... can we just hit and try that?
A
C
A
D
A
C
C
C
A
C
C
So it just seems like they do recognize the existence of OpenSSH private key, and if that's the case, then I think there must be a way to get the keys is when using comments, but yeah. I really did not find anyone on the internet doing it. So that's weird, I did not find someone using the private key.
C
I did find people using it to generate OpenSSH private keys, so I didn't find a case where a person was generating OpenSSH private keys using the key space. So they have also provided a util to encode a private key or power supply private key lock. So if you want to generate private key, you would use input and this works parameter would create the same, and it does recognize the new algorithm we have.
C
So this is what the new format is using, right, OpenSSH key v1 is the new... I was reading about, because I could not figure out what is this new format which OpenSSH such as doctor.
C
This is something for me. I don't want to waste Harshit's time. I'll, you know, spend some more time on this and try to figure out that this can actually work or not. If you know anything about this, if you've seen this, then maybe you could share something when you were looking at Bouncy Castle. Okay.
A
A
C
C
C
D
A
C
C
C
So in their own tests I could not find, yeah, them using the latest format of the OpenSSH, but this is, I think this was written long back.
A
C
C
This is the right monitoring.
C
But it says that it does not.
C
C
C
B
Yes, in format, the algorithm will show itself, like, which encoding algorithm it uses. I mean, the private key will show itself, which encoding algorithm it uses.
C
B
C
Which was, yeah, which was sms, hyphen f, the key, and then hyphen m PEM. That is what I think Mark mentioned, right, yeah.
B
It is mentioned in the docs in the.
B
A
A
C
And with this thought, I just wanted to ask: what is the launch command with arguments and doing it programmatically? What are we trading off here? Is it more execution time?
A
It is much more expensive to create a subprocess, run something, and then come back than it is to do it native in Java. It's back to the JGit case, and ssh-keygen is probably even shorter lived than most git commands. You remember how we found that JGit could clone much faster on small repositories, because the overhead of starting and stopping the process was much less. It didn't exist. But if we need to do ssh-keygen, we need to do ssh key.
C
Jam, so there is a real benefit if we are able to find Bouncy Castle or any library to do this. It has a worthwhile benefit for us.
A
C
So I think this could be done in a way where Harshit's progress is not blocked. I will look into it more. If you feel like, you know, you investigate and you see something worthwhile, you can definitely share it with me in the chat with everyone, but I think you should continue with whatever you're doing, and the plan is, I can definitely look into it during the weekend, so it should not be permanent.
A
A
C
I think we can ready. We should use you as long as you are here. So can we reschedule it to a time where you can also be available so that you.