import com.bettercloud.vault.VaultConfig; import com.bettercloud.vault.Vault; initscript { repositories { mavenCentral() } dependencies { classpath 'com.bettercloud:vault-java-driver:4.1.0' } } ['VAULT_ADDR', 'VAULT_ROLE_ID', 'VAULT_SECRET_ID'].each { if (System.env."$it" == null) { throw new GradleException("$it must be set!") } } final String vaultToken = new Vault( new VaultConfig() .address(System.env.VAULT_ADDR) .engineVersion(1) .build() ) .auth() .loginByAppRole("approle", System.env.VAULT_ROLE_ID, System.env.VAULT_SECRET_ID) .getAuthClientToken(); final Vault vault = new Vault( new VaultConfig() .address(System.env.VAULT_ADDR) .engineVersion(1) .token(vaultToken) .build() ) final Map artifactoryCredentials = vault.logical() .read("secret/elasticsearch-ci/artifactory.elstc.co") .getData(); logger.info("Using elastic artifactory repos") Closure configCache = { return { name "artifactory-gradle-release" url "https://artifactory.elstc.co/artifactory/gradle-release" credentials { username artifactoryCredentials.get("username") password artifactoryCredentials.get("token") } } } settingsEvaluated { settings -> settings.pluginManagement { repositories { maven configCache() } } } projectsLoaded { allprojects { buildscript { repositories { maven configCache() } } repositories { maven configCache() } } } if (System.env.GRADLE_BUILD_CACHE_URL != null) { final Map buildCacheCredentials = vault.logical() .read("secret/elasticsearch-ci/gradle-build-cache") .getData(); gradle.settingsEvaluated { settings -> settings.buildCache { remote(HttpBuildCache) { url = System.getenv('GRADLE_BUILD_CACHE_URL') push = Boolean.valueOf(System.getenv('GRADLE_BUILD_CACHE_PUSH') ?: 'false') credentials { username = buildCacheCredentials.get("username") password = buildCacheCredentials.get("password") } } } } }