 Welcome to Google Summer of Code Office Hours. Thanks for being here. It is the 17th of March. What topics do you have that you'd like to bring onto our agenda? So I don't have any question, but I'm just sharing my progress so far. So when I was working with you on the generator, that generator for generating the pipeline step-to-step generator. But then I just like some attracting what was Cloud Events. And from that day, I learned about event-driven architecture, Cloud Events integrated into Java SDK, made a Spring Boot API and passed it and all that specifications. And now I have to look into two source codes of the plugin to gather the same idea of the proposed plugin to receive and to solve the listen and amity. So this week, I will do that work. Excellent. Very good. Others want to share how they're doing. Rishabh, thank you for joining as a mentor. Jeff, thank you for joining as a mentor. Both appreciated. Thank you so much. Yes, I am a team. Hello, everyone. I'm working on Kid Credential's binding plugin. So far, I have stuck at SSH bindings, learning some of this. And right now, Mark, I need some assistance in understanding the rationale of SSH bindings. Like, there's a problem, not a problem, but the thing is, as per the registers in the IDS page, it was mentioned, like, we have to bind a file of passphrase into a non-passphrase kind of file. Like, that thing bugs me, like, how does it go around and what is the behind the scenes working should be like that? OK, that sounds like a good topic for discussion here. So get Credential's binding and Credential's binding and how would it work? Good, all right. Do we want to just dive into that right away so we can look at it together? Or are there other topics that people want to get on the list so we're sure we've got? I have a hard stop in about 25 minutes. So for me, at least, I will need to pass off hosting to someone else if we have more topics than we have time. All right, let's take a look at it. So, Ayanne, it was you wanted to, you were looking at, well, maybe it's best let me share my screen and we can look at the description and then you can tell me which part is unclear and we go further there. Is that OK? Or do you want to share your screen? Either is fine. Yes, yes, yeah, we can surely go ahead. OK, so let's look at my screen then and here's what I think you're referring to this one right here. Let's see, Google Summer of Code 2021 Project Ideas here. And it is this Git credentials binding for SSH and BAT. And let me make it big enough that I can read it. OK, so highlight for me or suggest for me which spot was perplexing to you and let's talk further about it. In the part where the SSH private key was mentioned, username password was very much clear. Like there was simple username password, you have to do that. And all the execution commands, the user will do the Git authenticated commands, the pipeline user will work on the Git. It will be OK. It was simple to bind that environment variables and pass them to the command line. But in the SSH private key, there was a term in the rationale with a passphrase and without passphrase. When there was a bit passphrase, we have to create a file. And in the Jenkins environment, it should be like either it be using a passphrase or not a passphrase. But with a passphrase, a file should be created such that the SSH private key can use without passphrase things. And that thing like a little bit unclear to me like what is going on with that. Like as I am a Git user, I personally use SSH keys. And once I set a passphrase, I don't need to give the passphrase for any time mode. But what it is exactly like in Jenkins. OK, very good. So I think what you're saying is what's the concept to allow this credentials binding idea to do passphrase protected SSH private keys? And I might shift it and offer the suggestion that Jesse Glick offered. What Jesse suggested was, hey, probably better than writing the passphrase onto the local agent, onto the agent, would be use the passphrase inside the plug-in, make a call to an appropriate Java library that will decrypt the private key that's passphrase secured so it is no longer passphrase secured, and then write the private key to the agent that is with that private key not being protected by the passphrase. So the idea was Jesse's suggestion was, hey, let's shift the processing of the passphrase away from having it done on the agent and instead do it on the controller and then pass the decrypted passphrase or the decrypted private key to the agent. So that way you avoid having to write the passphrase to the agent, you avoid the problem of trying to manage how do we get the information about that passphrase down to the agent. Now it means you do have to find a way to convert a passphrase protected private key to one that is not passphrase protected in Java. But Jesse's indication was that those facilities should be available. It's kind of like either it be a passphrase protected or not passphrase protected. We have to convert it to a not protected kind of thing and Jenkins will work on it as it is. Like Jenkins, in Jenkins we store our credentials in using credentials plugin. I am not sure of the name. It is Jenkins Credential Plugin, I guess. So like we can store the passphrase in some kind of other file and convert the, using the passphrase convert that private key file where non-passphrase protected file in the workspace or the agent controller, as you said, kind of like that. Close, right. So it's that the credentials plugin continues to be the thing that owns the passphrase protected private key and it knows the passphrase and it knows the private key. And inside the plugin, what you would do is use the passphrase and use the passphrase protected private key to generate a new private key, a private key that is that private key decrypted so it no longer requires a passphrase. And that is.