Jenkins CI/CD on an Open Source GitHub project with confidential properties files

I'm struggling with setting up Jenkins CI/CD pipelines for an Open Source project which has a set of confidential .properties files.

The .properties files are necessary for maintainability in a Spring Boot project, and some of the .properties files are confidential, and so must not be disclosed in the open-sourced code base.

For each confidential .properties we provide an example .properties in the open source.

The question is, how do you smoothly (i.e. automatically) incorporate the confidential .properties or files in the Jenkins CI/CD pipelines, and keep good version control over those files using git, so that those confidential .properties can take effect during every CI/CD phase and so in production?

This seems to be a hard-to-automate challenge; any comments, suggestions or experiences are appreciated!


What I've tried

Git secret

This is a great solution but it doesn't support Windows, so I can't go with it. (Every alternative to git-secret I've found also lacks cross-platform support.)

There is 1 best solution below

There is a plugin called Config File Provider Plugin that was a life saver for me. It is able to replace entire config files with the ones stored in JK, or just tokens in XML, JSON, etc.

In pipeline, when you want to replace the whole file, it looks something like this:

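    stage('Add Config files') {
        steps {
            // Copy the file stored in Jenkins (managed files) into the workspace,
            // overwriting the example .properties that is checked in.
            configFileProvider([configFile(fileId: 'IDOfTheFileStoredInJenkins', targetLocation: 'pathToMyFileRelativeToWorkspace/myPropertiesFile')]) {
                // some block, maybe a nice log message
            }
        }
    }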

similar thread:
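The step from the answer, extended into a full declarative pipeline as an added example (not part of the original answer): instead of `targetLocation`, it uses the plugin's `variable` option, so the confidential file is provided as a temporary file whose path is bound to an environment variable and handed to Spring Boot through `spring.config.additional-location`. The file ID `app-confidential-properties`, the variable name `APP_PROPS` and the Maven build are assumptions.

```groovy
// Jenkinsfile (declarative). Assumes a managed file with ID
// 'app-confidential-properties' exists under Manage Jenkins > Managed files
// and that the project builds with Maven; both are assumptions of this example.
pipeline {
    agent any

    stages {
        stage('Checkout') {
            steps {
                // The public repository only contains the example .properties files.
                checkout scm
            }
        }

        stage('Build and test with confidential properties') {
            steps {
                // Bind the path of the provided file to APP_PROPS for the
                // duration of this block only.
                configFileProvider([configFile(fileId: 'app-confidential-properties',
                                               variable: 'APP_PROPS')]) {
                    script {
                        // Single-quoted strings: the agent's shell expands the
                        // variable, so Groovy never interpolates the path.
                        if (isUnix()) {
                            sh 'mvn -B verify "-Dspring.config.additional-location=file:$APP_PROPS"'
                        } else {
                            // Windows agents use bat and %VAR% expansion.
                            bat 'mvn -B verify "-Dspring.config.additional-location=file:%APP_PROPS%"'
                        }
                    }
                }
            }
        }
    }

    post {
        always {
            // Archive only the build output; the confidential file was never
            // written under target/, so it is not part of the archive.
            archiveArtifacts artifacts: 'target/*.jar', allowEmptyArchive: true
        }
    }
}
```

Because the pipeline definition lives in the public repository, keep the confidential values only in the Jenkins managed file and restrict who can configure or view managed files on the controller.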