diff --git a/docs/examples/README.md b/docs/examples/README.md
index 59e60b97..07dbd0e9 100644
--- a/docs/examples/README.md
+++ b/docs/examples/README.md
@@ -94,6 +94,12 @@ Only AWS AccessKey and SecretKey:
{% include_relative vault-token.yaml %}
{% endhighlight %}
+## X.509 client certificate
+
+{% highlight yaml linenos %}
+{% include_relative x509-client-certificate.yaml %}
+{% endhighlight %}
+
# Custom field mapping
Sometimes you may want the secret to be able to be consumed by another tool as well that has a different requirement for the data fields.
diff --git a/docs/examples/x509-client-certificate.yaml b/docs/examples/x509-client-certificate.yaml
new file mode 100644
index 00000000..8f16f144
--- /dev/null
+++ b/docs/examples/x509-client-certificate.yaml
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+ name: "x509-client-certificate"
+ labels:
+# so we know what type it is.
+ "jenkins.io/credentials-type": "x509ClientCert"
+ annotations:
+# description - can not be a label as spaces are not allowed
+ "jenkins.io/credentials-description" : "credentials from Kubernetes"
+type: Opaque
+stringData:
+ clientCertificate: |
+ -----BEGIN CERTIFICATE-----
+ MIIBYjCCAQygAwIBAgIJAKZlQzqGGWu9MA0GCSqGSIb3DQEBBQUAMEExCzAJBgNV
+ BAYTAlhYMQswCQYDVQQIDAJYWDELMAkGA1UEBwwCWFgxCzAJBgNVBAoMAlhYMQsw
+ CQYDVQQDDAJjYTAeFw0yMjA5MjEwNzQzMzVaFw0yMjEwMjEwNzQzMzVaMBExDzAN
+ BgNVBAMMBmNsaWVudDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDB/x6RULr5QOYl
+ ulbzZI+8wPZMnrDPwMpP3Kh1MzxJwm1E0LJcI1nY3ePsoIGGQVITNNnjfBbEuYU6
+ 01sljo5/AgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB
+ BQUAA0EAVP35oeWUOiRaIv9zCDt+3VRMQd6eggmmsx5qyy6ee/mLPpdUWUSt8Ayf
+ AiwAD2dca4XziVtJYVK++VnFGG/5EQ==
+ -----END CERTIFICATE-----
+ clientKeySecret: |
+ -----BEGIN PRIVATE KEY-----
+ MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAwf8ekVC6+UDmJbpW
+ 82SPvMD2TJ6wz8DKT9yodTM8ScJtRNCyXCNZ2N3j7KCBhkFSEzTZ43wWxLmFOtNb
+ JY6OfwIDAQABAkAU3CDmUT75pE/bCLFm1I5cJoeVb47ll/5pHfoDODIoYA5LnQy9
+ /z4PNYCyw3Cq9m3+nf+HSRs8JcWuU7u93BaBAiEA/9mPwDrTlDhpILnmbsbIxXkq
+ zeUgypmM1cxQnhtYS78CIQDCHEPgHCdWYCLPnMxUjwrzXtyrIlWJ89j04uOVyN1t
+ QQIhANI4mFYRv/Fk3HSIax+QdD1Vzub4opX1zvOI+qC+xTEPAiBiM/KS+ytbo594
+ 8ZbeYM/leGSjn+cut9NXcUI6kTiVAQIgd/FTmiUryLcSUxzz6YqmU+wU1+ebSHmx
+ U87XDZwmb40=
+ -----END PRIVATE KEY-----
+ serverCaCertificate: |
+ -----BEGIN CERTIFICATE-----
+ MIIBdDCCAR4CCQCgzKd3hWBmXTANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJY
+ WDELMAkGA1UECAwCWFgxCzAJBgNVBAcMAlhYMQswCQYDVQQKDAJYWDELMAkGA1UE
+ AwwCY2EwHhcNMjIwOTIxMDc0MzM1WhcNMjIxMDIxMDc0MzM1WjBBMQswCQYDVQQG
+ EwJYWDELMAkGA1UECAwCWFgxCzAJBgNVBAcMAlhYMQswCQYDVQQKDAJYWDELMAkG
+ A1UEAwwCY2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAruIT3of/2lUvYPY7Azsj
+ AtKZnV6gthB6K70AsgKPp63xdlBrMgg5CYH7Xe7VmLXb7xhHLBHBnRJ3vPbH/m7h
+ swIDAQABMA0GCSqGSIb3DQEBCwUAA0EAfWb62RJ21i7tlbSttmu7by/k4fML31FQ
+ XoR7JjrHmbI+f1BkwSbMVxxadAWpSkk/NNI1+SHR/nYSv/loQ3UjmA==
+ -----END CERTIFICATE-----
diff --git a/pom.xml b/pom.xml
index 469103f5..1062b430 100644
--- a/pom.xml
+++ b/pom.xml
@@ -117,6 +117,21 @@
aws-credentials
1.26
+
+ org.jenkins-ci.plugins
+ docker-commons
+ 1.16
+
+
+ org.jenkinsci.plugins
+ pipeline-model-extensions
+ 1.3.8
+
+
+ org.jenkins-ci.plugins
+ scm-api
+ 2.2.6
+
org.jenkins-ci.plugins
openstack-cloud
@@ -238,6 +253,12 @@
hashicorp-vault-plugin
true
+
+
+ org.jenkins-ci.plugins
+ docker-commons
+ true
+
junit
diff --git a/src/main/java/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertor.java b/src/main/java/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertor.java
new file mode 100644
index 00000000..42f01db9
--- /dev/null
+++ b/src/main/java/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertor.java
@@ -0,0 +1,69 @@
+/*
+ * The MIT License
+ *
+ * Copyright 2022 CloudBees, Inc., @sgybas
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package com.cloudbees.jenkins.plugins.kubernetes_credentials_provider.convertors;
+
+import com.cloudbees.jenkins.plugins.kubernetes_credentials_provider.CredentialsConvertionException;
+import com.cloudbees.jenkins.plugins.kubernetes_credentials_provider.SecretToCredentialConverter;
+import com.cloudbees.jenkins.plugins.kubernetes_credentials_provider.SecretUtils;
+import io.fabric8.kubernetes.api.model.Secret;
+import org.jenkinsci.plugins.docker.commons.credentials.DockerServerCredentials;
+import org.jenkinsci.plugins.variant.OptionalExtension;
+
+@OptionalExtension(requirePlugins = {"docker-commons"})
+public class DockerServerCredentialsConvertor extends SecretToCredentialConverter {
+
+ @Override
+ public boolean canConvert(String type) {
+ return "x509ClientCert".equals(type);
+ }
+
+ @Override
+ public DockerServerCredentials convert(Secret secret) throws CredentialsConvertionException {
+
+ SecretUtils.requireNonNull(secret.getData(), "X.509 client certificate definition contains no data");
+
+ String clientCertificateBase64 = SecretUtils.getNonNullSecretData(secret, "clientCertificate", "X.509 client certificate is missing the clientCertificate entry");
+ String clientCertificate = SecretUtils.requireNonNull(SecretUtils.base64DecodeToString(clientCertificateBase64), "X.509 client certificate has an invalid clientCertificate entry (must be base64 encoded UTF-8)");
+
+ String clientKeySecretBase64 = SecretUtils.getNonNullSecretData(secret, "clientKeySecret", "X.509 client certificate is missing the clientKeySecret entry");
+ String clientKeySecret = SecretUtils.requireNonNull(SecretUtils.base64DecodeToString(clientKeySecretBase64), "X.509 client certificate has an invalid clientKeySecret entry (must be base64 encoded UTF-8)");
+
+ String serverCaCertificateBase64 = SecretUtils.getNonNullSecretData(secret, "serverCaCertificate", "X.509 client certificate is missing the serverCaCertificate entry");
+ String serverCaCertificate = SecretUtils.requireNonNull(SecretUtils.base64DecodeToString(serverCaCertificateBase64), "X.509 client certificate has an invalid serverCaCertificate entry (must be base64 encoded UTF-8)");
+
+ return new DockerServerCredentials(
+ // scope
+ SecretUtils.getCredentialScope(secret),
+ // id
+ SecretUtils.getCredentialId(secret),
+ // description
+ SecretUtils.getCredentialDescription(secret),
+ // clientKeySecret
+ hudson.util.Secret.fromString(clientKeySecret),
+ // clientCertificate
+ clientCertificate,
+ // serverCaCertificate
+ serverCaCertificate);
+ }
+}
diff --git a/src/test/java/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest.java b/src/test/java/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest.java
new file mode 100644
index 00000000..33fa5baa
--- /dev/null
+++ b/src/test/java/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest.java
@@ -0,0 +1,145 @@
+/*
+ * The MIT License
+ *
+ * Copyright 2022 CloudBees, Inc., @sgybas
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package com.cloudbees.jenkins.plugins.kubernetes_credentials_provider.convertors;
+
+import com.cloudbees.jenkins.plugins.kubernetes_credentials_provider.CredentialsConvertionException;
+import com.cloudbees.plugins.credentials.CredentialsScope;
+import hudson.util.Secret;
+import org.jenkinsci.plugins.docker.commons.credentials.DockerServerCredentials;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+
+public class DockerServerCredentialsConvertorTest extends AbstractConverterTest {
+
+ private final String clientCertificate = "-----BEGIN CERTIFICATE-----\n" +
+ "MIIBYjCCAQygAwIBAgIJAKZlQzqGGWu9MA0GCSqGSIb3DQEBBQUAMEExCzAJBgNV\n" +
+ "BAYTAlhYMQswCQYDVQQIDAJYWDELMAkGA1UEBwwCWFgxCzAJBgNVBAoMAlhYMQsw\n" +
+ "CQYDVQQDDAJjYTAeFw0yMjA5MjEwNzQzMzVaFw0yMjEwMjEwNzQzMzVaMBExDzAN\n" +
+ "BgNVBAMMBmNsaWVudDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDB/x6RULr5QOYl\n" +
+ "ulbzZI+8wPZMnrDPwMpP3Kh1MzxJwm1E0LJcI1nY3ePsoIGGQVITNNnjfBbEuYU6\n" +
+ "01sljo5/AgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEB\n" +
+ "BQUAA0EAVP35oeWUOiRaIv9zCDt+3VRMQd6eggmmsx5qyy6ee/mLPpdUWUSt8Ayf\n" +
+ "AiwAD2dca4XziVtJYVK++VnFGG/5EQ==\n" +
+ "-----END CERTIFICATE-----";
+
+ private final String clientKeySecret = "-----BEGIN PRIVATE KEY-----\n" +
+ "MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAwf8ekVC6+UDmJbpW\n" +
+ "82SPvMD2TJ6wz8DKT9yodTM8ScJtRNCyXCNZ2N3j7KCBhkFSEzTZ43wWxLmFOtNb\n" +
+ "JY6OfwIDAQABAkAU3CDmUT75pE/bCLFm1I5cJoeVb47ll/5pHfoDODIoYA5LnQy9\n" +
+ "/z4PNYCyw3Cq9m3+nf+HSRs8JcWuU7u93BaBAiEA/9mPwDrTlDhpILnmbsbIxXkq\n" +
+ "zeUgypmM1cxQnhtYS78CIQDCHEPgHCdWYCLPnMxUjwrzXtyrIlWJ89j04uOVyN1t\n" +
+ "QQIhANI4mFYRv/Fk3HSIax+QdD1Vzub4opX1zvOI+qC+xTEPAiBiM/KS+ytbo594\n" +
+ "8ZbeYM/leGSjn+cut9NXcUI6kTiVAQIgd/FTmiUryLcSUxzz6YqmU+wU1+ebSHmx\n" +
+ "U87XDZwmb40=\n" +
+ "-----END PRIVATE KEY-----\n";
+
+ private final String serverCaCertificate = "-----BEGIN CERTIFICATE-----\n" +
+ "MIIBdDCCAR4CCQCgzKd3hWBmXTANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJY\n" +
+ "WDELMAkGA1UECAwCWFgxCzAJBgNVBAcMAlhYMQswCQYDVQQKDAJYWDELMAkGA1UE\n" +
+ "AwwCY2EwHhcNMjIwOTIxMDc0MzM1WhcNMjIxMDIxMDc0MzM1WjBBMQswCQYDVQQG\n" +
+ "EwJYWDELMAkGA1UECAwCWFgxCzAJBgNVBAcMAlhYMQswCQYDVQQKDAJYWDELMAkG\n" +
+ "A1UEAwwCY2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAruIT3of/2lUvYPY7Azsj\n" +
+ "AtKZnV6gthB6K70AsgKPp63xdlBrMgg5CYH7Xe7VmLXb7xhHLBHBnRJ3vPbH/m7h\n" +
+ "swIDAQABMA0GCSqGSIb3DQEBCwUAA0EAfWb62RJ21i7tlbSttmu7by/k4fML31FQ\n" +
+ "XoR7JjrHmbI+f1BkwSbMVxxadAWpSkk/NNI1+SHR/nYSv/loQ3UjmA==\n" +
+ "-----END CERTIFICATE-----";
+
+ private DockerServerCredentialsConvertor convertor = new DockerServerCredentialsConvertor();
+
+ @Test
+ public void canConvert() throws Exception {
+ assertThat("correct registration of valid type", convertor.canConvert("x509ClientCert"), is(true));
+ assertThat("incorrect type is rejected", convertor.canConvert("somethingElse"), is(false));
+ }
+
+ @Test
+ public void canConvertAValidSecret() throws CredentialsConvertionException, IOException {
+ testExpectedCredentials("valid.yaml", "x509-valid", "Valid X.509 client certificate", CredentialsScope.GLOBAL);
+ }
+
+ @Test
+ public void canConvertAValidSecretWithNoDescription() throws CredentialsConvertionException, IOException {
+ testExpectedCredentials("validNoDescription.yaml", "x509-valid-no-description", "", CredentialsScope.GLOBAL);
+ }
+
+ @Test
+ public void canConvertAValidMappedSecret() throws CredentialsConvertionException, IOException {
+ testExpectedCredentials("validMapped.yaml", "x509-valid-mapped", "Valid mapped X.509 client certificate", CredentialsScope.GLOBAL);
+ }
+
+ @Test
+ public void canConvertAValidScopedSecret() throws CredentialsConvertionException, IOException {
+ testExpectedCredentials("validScoped.yaml", "x509-valid-scoped", "Valid scoped X.509 client certificate", CredentialsScope.SYSTEM);
+ }
+
+ @Test
+ public void failsToConvertWhenDataIsEmpty() throws IOException {
+ testNoData(convertor);
+ }
+
+ @Test
+ public void failsToConvertWhenClientCertificatIsCorrupt() throws IOException {
+ testCorruptField(convertor, "clientCertificate");
+ }
+
+ @Test
+ public void failsToConvertWhenClientKeySecretIsCorrupt() throws IOException {
+ testCorruptField(convertor, "clientKeySecret");
+ }
+
+ @Test
+ public void failsToConvertWhenServerCaCertificatIsCorrupt() throws IOException {
+ testCorruptField(convertor, "serverCaCertificate");
+ }
+
+ @Test
+ public void failsToConvertWhenClientCertificateIsMissing() throws IOException {
+ testMissingField(convertor, "clientCertificate");
+ }
+
+ @Test
+ public void failsToConvertWhenClientKeySecretIsMissing() throws IOException {
+ testMissingField(convertor, "clientKeySecret");
+ }
+
+ @Test
+ public void failsToConvertWhenServerCaCertificateIsMissing() throws IOException {
+ testMissingField(convertor, "serverCaCertificate");
+ }
+
+ private void testExpectedCredentials(String resource, String id, String description, CredentialsScope scope) throws CredentialsConvertionException, IOException {
+ DockerServerCredentials credential = convertor.convert(getSecret(resource));
+
+ assertThat("credential id is mapped correctly", credential.getId(), is(id));
+ assertThat("credential description is mapped correctly", credential.getDescription(), is(description));
+ assertThat("credential scope is mapped correctly", credential.getScope(), is(scope));
+ assertThat("credential clientCertificate is mapped correctly", credential.getClientCertificate(), is(clientCertificate));
+ assertThat("credential clientKeySecret is mapped correctly", Secret.toString(credential.getClientKeySecret()), is(clientKeySecret));
+ assertThat("credential serverCaCertificate is mapped correctly", credential.getServerCaCertificate(), is(serverCaCertificate));
+ }
+}
diff --git a/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/corruptClientCertificate.yaml b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/corruptClientCertificate.yaml
new file mode 100644
index 00000000..c0bd9b2d
--- /dev/null
+++ b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/corruptClientCertificate.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "x509-corrupt-field"
+ labels:
+ jenkins.io/credentials-type: "x509ClientCert"
+ annotations:
+ jenkins.io/credentials-description: "X.509 client certificate with corrupt field"
+type: Opaque
+data:
+ clientCertificate: "This is not base 64"
+ clientKeySecret: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUJWQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQVQ0d2dnRTZBZ0VBQWtFQXdmOGVrVkM2K1VEbUpicFcKODJTUHZNRDJUSjZ3ejhES1Q5eW9kVE04U2NKdFJOQ3lYQ05aMk4zajdLQ0Joa0ZTRXpUWjQzd1d4TG1GT3ROYgpKWTZPZndJREFRQUJBa0FVM0NEbVVUNzVwRS9iQ0xGbTFJNWNKb2VWYjQ3bGwvNXBIZm9ET0RJb1lBNUxuUXk5Ci96NFBOWUN5dzNDcTltMytuZitIU1JzOEpjV3VVN3U5M0JhQkFpRUEvOW1Qd0RyVGxEaHBJTG5tYnNiSXhYa3EKemVVZ3lwbU0xY3hRbmh0WVM3OENJUURDSEVQZ0hDZFdZQ0xQbk14VWp3cnpYdHlySWxXSjg5ajA0dU9WeU4xdApRUUloQU5JNG1GWVJ2L0ZrM0hTSWF4K1FkRDFWenViNG9wWDF6dk9JK3FDK3hURVBBaUJpTS9LUyt5dGJvNTk0CjhaYmVZTS9sZUdTam4rY3V0OU5YY1VJNmtUaVZBUUlnZC9GVG1pVXJ5TGNTVXh6ejZZcW1VK3dVMStlYlNIbXgKVTg3WERad21iNDA9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ serverCaCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkRENDQVI0Q0NRQ2d6S2QzaFdCbVhUQU5CZ2txaGtpRzl3MEJBUXNGQURCQk1Rc3dDUVlEVlFRR0V3SlkKV0RFTE1Ba0dBMVVFQ0F3Q1dGZ3hDekFKQmdOVkJBY01BbGhZTVFzd0NRWURWUVFLREFKWVdERUxNQWtHQTFVRQpBd3dDWTJFd0hoY05Nakl3T1RJeE1EYzBNek0xV2hjTk1qSXhNREl4TURjME16TTFXakJCTVFzd0NRWURWUVFHCkV3SllXREVMTUFrR0ExVUVDQXdDV0ZneEN6QUpCZ05WQkFjTUFsaFlNUXN3Q1FZRFZRUUtEQUpZV0RFTE1Ba0cKQTFVRUF3d0NZMkV3WERBTkJna3Foa2lHOXcwQkFRRUZBQU5MQURCSUFrRUFydUlUM29mLzJsVXZZUFk3QXpzagpBdEtablY2Z3RoQjZLNzBBc2dLUHA2M3hkbEJyTWdnNUNZSDdYZTdWbUxYYjd4aEhMQkhCblJKM3ZQYkgvbTdoCnN3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBMEVBZldiNjJSSjIxaTd0bGJTdHRtdTdieS9rNGZNTDMxRlEKWG9SN0pqckhtYkkrZjFCa3dTYk1WeHhhZEFXcFNray9OTkkxK1NIUi9uWVN2L2xvUTNVam1BPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
diff --git a/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/corruptClientKeySecret.yaml b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/corruptClientKeySecret.yaml
new file mode 100644
index 00000000..5257cdc8
--- /dev/null
+++ b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/corruptClientKeySecret.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "x509-corrupt-field"
+ labels:
+ jenkins.io/credentials-type: "x509ClientCert"
+ annotations:
+ jenkins.io/credentials-description: "X.509 client certificate with corrupt field"
+type: Opaque
+data:
+ clientCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJZakNDQVF5Z0F3SUJBZ0lKQUtabFF6cUdHV3U5TUEwR0NTcUdTSWIzRFFFQkJRVUFNRUV4Q3pBSkJnTlYKQkFZVEFsaFlNUXN3Q1FZRFZRUUlEQUpZV0RFTE1Ba0dBMVVFQnd3Q1dGZ3hDekFKQmdOVkJBb01BbGhZTVFzdwpDUVlEVlFRRERBSmpZVEFlRncweU1qQTVNakV3TnpRek16VmFGdzB5TWpFd01qRXdOelF6TXpWYU1CRXhEekFOCkJnTlZCQU1NQm1Oc2FXVnVkREJjTUEwR0NTcUdTSWIzRFFFQkFRVUFBMHNBTUVnQ1FRREIveDZSVUxyNVFPWWwKdWxielpJKzh3UFpNbnJEUHdNcFAzS2gxTXp4SndtMUUwTEpjSTFuWTNlUHNvSUdHUVZJVE5ObmpmQmJFdVlVNgowMXNsam81L0FnTUJBQUdqRnpBVk1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUNNQTBHQ1NxR1NJYjNEUUVCCkJRVUFBMEVBVlAzNW9lV1VPaVJhSXY5ekNEdCszVlJNUWQ2ZWdnbW1zeDVxeXk2ZWUvbUxQcGRVV1VTdDhBeWYKQWl3QUQyZGNhNFh6aVZ0SllWSysrVm5GR0cvNUVRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ clientKeySecret: "This is not base 64"
+ serverCaCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkRENDQVI0Q0NRQ2d6S2QzaFdCbVhUQU5CZ2txaGtpRzl3MEJBUXNGQURCQk1Rc3dDUVlEVlFRR0V3SlkKV0RFTE1Ba0dBMVVFQ0F3Q1dGZ3hDekFKQmdOVkJBY01BbGhZTVFzd0NRWURWUVFLREFKWVdERUxNQWtHQTFVRQpBd3dDWTJFd0hoY05Nakl3T1RJeE1EYzBNek0xV2hjTk1qSXhNREl4TURjME16TTFXakJCTVFzd0NRWURWUVFHCkV3SllXREVMTUFrR0ExVUVDQXdDV0ZneEN6QUpCZ05WQkFjTUFsaFlNUXN3Q1FZRFZRUUtEQUpZV0RFTE1Ba0cKQTFVRUF3d0NZMkV3WERBTkJna3Foa2lHOXcwQkFRRUZBQU5MQURCSUFrRUFydUlUM29mLzJsVXZZUFk3QXpzagpBdEtablY2Z3RoQjZLNzBBc2dLUHA2M3hkbEJyTWdnNUNZSDdYZTdWbUxYYjd4aEhMQkhCblJKM3ZQYkgvbTdoCnN3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBMEVBZldiNjJSSjIxaTd0bGJTdHRtdTdieS9rNGZNTDMxRlEKWG9SN0pqckhtYkkrZjFCa3dTYk1WeHhhZEFXcFNray9OTkkxK1NIUi9uWVN2L2xvUTNVam1BPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
diff --git a/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/corruptServerCaCertificate.yaml b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/corruptServerCaCertificate.yaml
new file mode 100644
index 00000000..b7a73bd3
--- /dev/null
+++ b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/corruptServerCaCertificate.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "x509-corrupt-field"
+ labels:
+ jenkins.io/credentials-type: "x509ClientCert"
+ annotations:
+ jenkins.io/credentials-description: "X.509 client certificate with corrupt field"
+type: Opaque
+data:
+ clientCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJZakNDQVF5Z0F3SUJBZ0lKQUtabFF6cUdHV3U5TUEwR0NTcUdTSWIzRFFFQkJRVUFNRUV4Q3pBSkJnTlYKQkFZVEFsaFlNUXN3Q1FZRFZRUUlEQUpZV0RFTE1Ba0dBMVVFQnd3Q1dGZ3hDekFKQmdOVkJBb01BbGhZTVFzdwpDUVlEVlFRRERBSmpZVEFlRncweU1qQTVNakV3TnpRek16VmFGdzB5TWpFd01qRXdOelF6TXpWYU1CRXhEekFOCkJnTlZCQU1NQm1Oc2FXVnVkREJjTUEwR0NTcUdTSWIzRFFFQkFRVUFBMHNBTUVnQ1FRREIveDZSVUxyNVFPWWwKdWxielpJKzh3UFpNbnJEUHdNcFAzS2gxTXp4SndtMUUwTEpjSTFuWTNlUHNvSUdHUVZJVE5ObmpmQmJFdVlVNgowMXNsam81L0FnTUJBQUdqRnpBVk1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUNNQTBHQ1NxR1NJYjNEUUVCCkJRVUFBMEVBVlAzNW9lV1VPaVJhSXY5ekNEdCszVlJNUWQ2ZWdnbW1zeDVxeXk2ZWUvbUxQcGRVV1VTdDhBeWYKQWl3QUQyZGNhNFh6aVZ0SllWSysrVm5GR0cvNUVRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ clientKeySecret: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUJWQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQVQ0d2dnRTZBZ0VBQWtFQXdmOGVrVkM2K1VEbUpicFcKODJTUHZNRDJUSjZ3ejhES1Q5eW9kVE04U2NKdFJOQ3lYQ05aMk4zajdLQ0Joa0ZTRXpUWjQzd1d4TG1GT3ROYgpKWTZPZndJREFRQUJBa0FVM0NEbVVUNzVwRS9iQ0xGbTFJNWNKb2VWYjQ3bGwvNXBIZm9ET0RJb1lBNUxuUXk5Ci96NFBOWUN5dzNDcTltMytuZitIU1JzOEpjV3VVN3U5M0JhQkFpRUEvOW1Qd0RyVGxEaHBJTG5tYnNiSXhYa3EKemVVZ3lwbU0xY3hRbmh0WVM3OENJUURDSEVQZ0hDZFdZQ0xQbk14VWp3cnpYdHlySWxXSjg5ajA0dU9WeU4xdApRUUloQU5JNG1GWVJ2L0ZrM0hTSWF4K1FkRDFWenViNG9wWDF6dk9JK3FDK3hURVBBaUJpTS9LUyt5dGJvNTk0CjhaYmVZTS9sZUdTam4rY3V0OU5YY1VJNmtUaVZBUUlnZC9GVG1pVXJ5TGNTVXh6ejZZcW1VK3dVMStlYlNIbXgKVTg3WERad21iNDA9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ serverCaCertificate: "This is not base 64"
diff --git a/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/missingClientCertificate.yaml b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/missingClientCertificate.yaml
new file mode 100644
index 00000000..2d827ef3
--- /dev/null
+++ b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/missingClientCertificate.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "x509-missing-field"
+ labels:
+ jenkins.io/credentials-type: "x509ClientCert"
+ annotations:
+ jenkins.io/credentials-description: "X.509 client certificate with missing field"
+type: Opaque
+data:
+ clientKeySecret: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUJWQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQVQ0d2dnRTZBZ0VBQWtFQXdmOGVrVkM2K1VEbUpicFcKODJTUHZNRDJUSjZ3ejhES1Q5eW9kVE04U2NKdFJOQ3lYQ05aMk4zajdLQ0Joa0ZTRXpUWjQzd1d4TG1GT3ROYgpKWTZPZndJREFRQUJBa0FVM0NEbVVUNzVwRS9iQ0xGbTFJNWNKb2VWYjQ3bGwvNXBIZm9ET0RJb1lBNUxuUXk5Ci96NFBOWUN5dzNDcTltMytuZitIU1JzOEpjV3VVN3U5M0JhQkFpRUEvOW1Qd0RyVGxEaHBJTG5tYnNiSXhYa3EKemVVZ3lwbU0xY3hRbmh0WVM3OENJUURDSEVQZ0hDZFdZQ0xQbk14VWp3cnpYdHlySWxXSjg5ajA0dU9WeU4xdApRUUloQU5JNG1GWVJ2L0ZrM0hTSWF4K1FkRDFWenViNG9wWDF6dk9JK3FDK3hURVBBaUJpTS9LUyt5dGJvNTk0CjhaYmVZTS9sZUdTam4rY3V0OU5YY1VJNmtUaVZBUUlnZC9GVG1pVXJ5TGNTVXh6ejZZcW1VK3dVMStlYlNIbXgKVTg3WERad21iNDA9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ serverCaCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkRENDQVI0Q0NRQ2d6S2QzaFdCbVhUQU5CZ2txaGtpRzl3MEJBUXNGQURCQk1Rc3dDUVlEVlFRR0V3SlkKV0RFTE1Ba0dBMVVFQ0F3Q1dGZ3hDekFKQmdOVkJBY01BbGhZTVFzd0NRWURWUVFLREFKWVdERUxNQWtHQTFVRQpBd3dDWTJFd0hoY05Nakl3T1RJeE1EYzBNek0xV2hjTk1qSXhNREl4TURjME16TTFXakJCTVFzd0NRWURWUVFHCkV3SllXREVMTUFrR0ExVUVDQXdDV0ZneEN6QUpCZ05WQkFjTUFsaFlNUXN3Q1FZRFZRUUtEQUpZV0RFTE1Ba0cKQTFVRUF3d0NZMkV3WERBTkJna3Foa2lHOXcwQkFRRUZBQU5MQURCSUFrRUFydUlUM29mLzJsVXZZUFk3QXpzagpBdEtablY2Z3RoQjZLNzBBc2dLUHA2M3hkbEJyTWdnNUNZSDdYZTdWbUxYYjd4aEhMQkhCblJKM3ZQYkgvbTdoCnN3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBMEVBZldiNjJSSjIxaTd0bGJTdHRtdTdieS9rNGZNTDMxRlEKWG9SN0pqckhtYkkrZjFCa3dTYk1WeHhhZEFXcFNray9OTkkxK1NIUi9uWVN2L2xvUTNVam1BPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
diff --git a/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/missingClientKeySecret.yaml b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/missingClientKeySecret.yaml
new file mode 100644
index 00000000..e2d13de3
--- /dev/null
+++ b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/missingClientKeySecret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "x509-missing-field"
+ labels:
+ jenkins.io/credentials-type: "x509ClientCert"
+ annotations:
+ jenkins.io/credentials-description: "X.509 client certificate with missing field"
+type: Opaque
+data:
+ clientCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJZakNDQVF5Z0F3SUJBZ0lKQUtabFF6cUdHV3U5TUEwR0NTcUdTSWIzRFFFQkJRVUFNRUV4Q3pBSkJnTlYKQkFZVEFsaFlNUXN3Q1FZRFZRUUlEQUpZV0RFTE1Ba0dBMVVFQnd3Q1dGZ3hDekFKQmdOVkJBb01BbGhZTVFzdwpDUVlEVlFRRERBSmpZVEFlRncweU1qQTVNakV3TnpRek16VmFGdzB5TWpFd01qRXdOelF6TXpWYU1CRXhEekFOCkJnTlZCQU1NQm1Oc2FXVnVkREJjTUEwR0NTcUdTSWIzRFFFQkFRVUFBMHNBTUVnQ1FRREIveDZSVUxyNVFPWWwKdWxielpJKzh3UFpNbnJEUHdNcFAzS2gxTXp4SndtMUUwTEpjSTFuWTNlUHNvSUdHUVZJVE5ObmpmQmJFdVlVNgowMXNsam81L0FnTUJBQUdqRnpBVk1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUNNQTBHQ1NxR1NJYjNEUUVCCkJRVUFBMEVBVlAzNW9lV1VPaVJhSXY5ekNEdCszVlJNUWQ2ZWdnbW1zeDVxeXk2ZWUvbUxQcGRVV1VTdDhBeWYKQWl3QUQyZGNhNFh6aVZ0SllWSysrVm5GR0cvNUVRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ serverCaCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkRENDQVI0Q0NRQ2d6S2QzaFdCbVhUQU5CZ2txaGtpRzl3MEJBUXNGQURCQk1Rc3dDUVlEVlFRR0V3SlkKV0RFTE1Ba0dBMVVFQ0F3Q1dGZ3hDekFKQmdOVkJBY01BbGhZTVFzd0NRWURWUVFLREFKWVdERUxNQWtHQTFVRQpBd3dDWTJFd0hoY05Nakl3T1RJeE1EYzBNek0xV2hjTk1qSXhNREl4TURjME16TTFXakJCTVFzd0NRWURWUVFHCkV3SllXREVMTUFrR0ExVUVDQXdDV0ZneEN6QUpCZ05WQkFjTUFsaFlNUXN3Q1FZRFZRUUtEQUpZV0RFTE1Ba0cKQTFVRUF3d0NZMkV3WERBTkJna3Foa2lHOXcwQkFRRUZBQU5MQURCSUFrRUFydUlUM29mLzJsVXZZUFk3QXpzagpBdEtablY2Z3RoQjZLNzBBc2dLUHA2M3hkbEJyTWdnNUNZSDdYZTdWbUxYYjd4aEhMQkhCblJKM3ZQYkgvbTdoCnN3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBMEVBZldiNjJSSjIxaTd0bGJTdHRtdTdieS9rNGZNTDMxRlEKWG9SN0pqckhtYkkrZjFCa3dTYk1WeHhhZEFXcFNray9OTkkxK1NIUi9uWVN2L2xvUTNVam1BPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
diff --git a/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/missingServerCaCertificate.yaml b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/missingServerCaCertificate.yaml
new file mode 100644
index 00000000..3e4dda3a
--- /dev/null
+++ b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/missingServerCaCertificate.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "x509-missing-field"
+ labels:
+ jenkins.io/credentials-type: "x509ClientCert"
+ annotations:
+ jenkins.io/credentials-description: "X.509 client certificate with missing field"
+type: Opaque
+data:
+ clientCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJZakNDQVF5Z0F3SUJBZ0lKQUtabFF6cUdHV3U5TUEwR0NTcUdTSWIzRFFFQkJRVUFNRUV4Q3pBSkJnTlYKQkFZVEFsaFlNUXN3Q1FZRFZRUUlEQUpZV0RFTE1Ba0dBMVVFQnd3Q1dGZ3hDekFKQmdOVkJBb01BbGhZTVFzdwpDUVlEVlFRRERBSmpZVEFlRncweU1qQTVNakV3TnpRek16VmFGdzB5TWpFd01qRXdOelF6TXpWYU1CRXhEekFOCkJnTlZCQU1NQm1Oc2FXVnVkREJjTUEwR0NTcUdTSWIzRFFFQkFRVUFBMHNBTUVnQ1FRREIveDZSVUxyNVFPWWwKdWxielpJKzh3UFpNbnJEUHdNcFAzS2gxTXp4SndtMUUwTEpjSTFuWTNlUHNvSUdHUVZJVE5ObmpmQmJFdVlVNgowMXNsam81L0FnTUJBQUdqRnpBVk1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUNNQTBHQ1NxR1NJYjNEUUVCCkJRVUFBMEVBVlAzNW9lV1VPaVJhSXY5ekNEdCszVlJNUWQ2ZWdnbW1zeDVxeXk2ZWUvbUxQcGRVV1VTdDhBeWYKQWl3QUQyZGNhNFh6aVZ0SllWSysrVm5GR0cvNUVRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ clientKeySecret: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUJWQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQVQ0d2dnRTZBZ0VBQWtFQXdmOGVrVkM2K1VEbUpicFcKODJTUHZNRDJUSjZ3ejhES1Q5eW9kVE04U2NKdFJOQ3lYQ05aMk4zajdLQ0Joa0ZTRXpUWjQzd1d4TG1GT3ROYgpKWTZPZndJREFRQUJBa0FVM0NEbVVUNzVwRS9iQ0xGbTFJNWNKb2VWYjQ3bGwvNXBIZm9ET0RJb1lBNUxuUXk5Ci96NFBOWUN5dzNDcTltMytuZitIU1JzOEpjV3VVN3U5M0JhQkFpRUEvOW1Qd0RyVGxEaHBJTG5tYnNiSXhYa3EKemVVZ3lwbU0xY3hRbmh0WVM3OENJUURDSEVQZ0hDZFdZQ0xQbk14VWp3cnpYdHlySWxXSjg5ajA0dU9WeU4xdApRUUloQU5JNG1GWVJ2L0ZrM0hTSWF4K1FkRDFWenViNG9wWDF6dk9JK3FDK3hURVBBaUJpTS9LUyt5dGJvNTk0CjhaYmVZTS9sZUdTam4rY3V0OU5YY1VJNmtUaVZBUUlnZC9GVG1pVXJ5TGNTVXh6ejZZcW1VK3dVMStlYlNIbXgKVTg3WERad21iNDA9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
diff --git a/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/valid.yaml b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/valid.yaml
new file mode 100644
index 00000000..3c3864a8
--- /dev/null
+++ b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/valid.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "x509-valid"
+ labels:
+ jenkins.io/credentials-type: "x509ClientCert"
+ annotations:
+ jenkins.io/credentials-description: "Valid X.509 client certificate"
+type: Opaque
+data:
+ clientCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJZakNDQVF5Z0F3SUJBZ0lKQUtabFF6cUdHV3U5TUEwR0NTcUdTSWIzRFFFQkJRVUFNRUV4Q3pBSkJnTlYKQkFZVEFsaFlNUXN3Q1FZRFZRUUlEQUpZV0RFTE1Ba0dBMVVFQnd3Q1dGZ3hDekFKQmdOVkJBb01BbGhZTVFzdwpDUVlEVlFRRERBSmpZVEFlRncweU1qQTVNakV3TnpRek16VmFGdzB5TWpFd01qRXdOelF6TXpWYU1CRXhEekFOCkJnTlZCQU1NQm1Oc2FXVnVkREJjTUEwR0NTcUdTSWIzRFFFQkFRVUFBMHNBTUVnQ1FRREIveDZSVUxyNVFPWWwKdWxielpJKzh3UFpNbnJEUHdNcFAzS2gxTXp4SndtMUUwTEpjSTFuWTNlUHNvSUdHUVZJVE5ObmpmQmJFdVlVNgowMXNsam81L0FnTUJBQUdqRnpBVk1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUNNQTBHQ1NxR1NJYjNEUUVCCkJRVUFBMEVBVlAzNW9lV1VPaVJhSXY5ekNEdCszVlJNUWQ2ZWdnbW1zeDVxeXk2ZWUvbUxQcGRVV1VTdDhBeWYKQWl3QUQyZGNhNFh6aVZ0SllWSysrVm5GR0cvNUVRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ clientKeySecret: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUJWQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQVQ0d2dnRTZBZ0VBQWtFQXdmOGVrVkM2K1VEbUpicFcKODJTUHZNRDJUSjZ3ejhES1Q5eW9kVE04U2NKdFJOQ3lYQ05aMk4zajdLQ0Joa0ZTRXpUWjQzd1d4TG1GT3ROYgpKWTZPZndJREFRQUJBa0FVM0NEbVVUNzVwRS9iQ0xGbTFJNWNKb2VWYjQ3bGwvNXBIZm9ET0RJb1lBNUxuUXk5Ci96NFBOWUN5dzNDcTltMytuZitIU1JzOEpjV3VVN3U5M0JhQkFpRUEvOW1Qd0RyVGxEaHBJTG5tYnNiSXhYa3EKemVVZ3lwbU0xY3hRbmh0WVM3OENJUURDSEVQZ0hDZFdZQ0xQbk14VWp3cnpYdHlySWxXSjg5ajA0dU9WeU4xdApRUUloQU5JNG1GWVJ2L0ZrM0hTSWF4K1FkRDFWenViNG9wWDF6dk9JK3FDK3hURVBBaUJpTS9LUyt5dGJvNTk0CjhaYmVZTS9sZUdTam4rY3V0OU5YY1VJNmtUaVZBUUlnZC9GVG1pVXJ5TGNTVXh6ejZZcW1VK3dVMStlYlNIbXgKVTg3WERad21iNDA9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ serverCaCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkRENDQVI0Q0NRQ2d6S2QzaFdCbVhUQU5CZ2txaGtpRzl3MEJBUXNGQURCQk1Rc3dDUVlEVlFRR0V3SlkKV0RFTE1Ba0dBMVVFQ0F3Q1dGZ3hDekFKQmdOVkJBY01BbGhZTVFzd0NRWURWUVFLREFKWVdERUxNQWtHQTFVRQpBd3dDWTJFd0hoY05Nakl3T1RJeE1EYzBNek0xV2hjTk1qSXhNREl4TURjME16TTFXakJCTVFzd0NRWURWUVFHCkV3SllXREVMTUFrR0ExVUVDQXdDV0ZneEN6QUpCZ05WQkFjTUFsaFlNUXN3Q1FZRFZRUUtEQUpZV0RFTE1Ba0cKQTFVRUF3d0NZMkV3WERBTkJna3Foa2lHOXcwQkFRRUZBQU5MQURCSUFrRUFydUlUM29mLzJsVXZZUFk3QXpzagpBdEtablY2Z3RoQjZLNzBBc2dLUHA2M3hkbEJyTWdnNUNZSDdYZTdWbUxYYjd4aEhMQkhCblJKM3ZQYkgvbTdoCnN3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBMEVBZldiNjJSSjIxaTd0bGJTdHRtdTdieS9rNGZNTDMxRlEKWG9SN0pqckhtYkkrZjFCa3dTYk1WeHhhZEFXcFNray9OTkkxK1NIUi9uWVN2L2xvUTNVam1BPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
diff --git a/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/validMapped.yaml b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/validMapped.yaml
new file mode 100644
index 00000000..c45f591d
--- /dev/null
+++ b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/validMapped.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "x509-valid-mapped"
+ labels:
+ jenkins.io/credentials-type: "x509ClientCert"
+ annotations:
+ jenkins.io/credentials-description: "Valid mapped X.509 client certificate"
+ "jenkins.io/credentials-keybinding-clientCertificate": "cert"
+ "jenkins.io/credentials-keybinding-clientKeySecret": "key"
+ "jenkins.io/credentials-keybinding-serverCaCertificate": "ca"
+type: Opaque
+data:
+ cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJZakNDQVF5Z0F3SUJBZ0lKQUtabFF6cUdHV3U5TUEwR0NTcUdTSWIzRFFFQkJRVUFNRUV4Q3pBSkJnTlYKQkFZVEFsaFlNUXN3Q1FZRFZRUUlEQUpZV0RFTE1Ba0dBMVVFQnd3Q1dGZ3hDekFKQmdOVkJBb01BbGhZTVFzdwpDUVlEVlFRRERBSmpZVEFlRncweU1qQTVNakV3TnpRek16VmFGdzB5TWpFd01qRXdOelF6TXpWYU1CRXhEekFOCkJnTlZCQU1NQm1Oc2FXVnVkREJjTUEwR0NTcUdTSWIzRFFFQkFRVUFBMHNBTUVnQ1FRREIveDZSVUxyNVFPWWwKdWxielpJKzh3UFpNbnJEUHdNcFAzS2gxTXp4SndtMUUwTEpjSTFuWTNlUHNvSUdHUVZJVE5ObmpmQmJFdVlVNgowMXNsam81L0FnTUJBQUdqRnpBVk1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUNNQTBHQ1NxR1NJYjNEUUVCCkJRVUFBMEVBVlAzNW9lV1VPaVJhSXY5ekNEdCszVlJNUWQ2ZWdnbW1zeDVxeXk2ZWUvbUxQcGRVV1VTdDhBeWYKQWl3QUQyZGNhNFh6aVZ0SllWSysrVm5GR0cvNUVRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUJWQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQVQ0d2dnRTZBZ0VBQWtFQXdmOGVrVkM2K1VEbUpicFcKODJTUHZNRDJUSjZ3ejhES1Q5eW9kVE04U2NKdFJOQ3lYQ05aMk4zajdLQ0Joa0ZTRXpUWjQzd1d4TG1GT3ROYgpKWTZPZndJREFRQUJBa0FVM0NEbVVUNzVwRS9iQ0xGbTFJNWNKb2VWYjQ3bGwvNXBIZm9ET0RJb1lBNUxuUXk5Ci96NFBOWUN5dzNDcTltMytuZitIU1JzOEpjV3VVN3U5M0JhQkFpRUEvOW1Qd0RyVGxEaHBJTG5tYnNiSXhYa3EKemVVZ3lwbU0xY3hRbmh0WVM3OENJUURDSEVQZ0hDZFdZQ0xQbk14VWp3cnpYdHlySWxXSjg5ajA0dU9WeU4xdApRUUloQU5JNG1GWVJ2L0ZrM0hTSWF4K1FkRDFWenViNG9wWDF6dk9JK3FDK3hURVBBaUJpTS9LUyt5dGJvNTk0CjhaYmVZTS9sZUdTam4rY3V0OU5YY1VJNmtUaVZBUUlnZC9GVG1pVXJ5TGNTVXh6ejZZcW1VK3dVMStlYlNIbXgKVTg3WERad21iNDA9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkRENDQVI0Q0NRQ2d6S2QzaFdCbVhUQU5CZ2txaGtpRzl3MEJBUXNGQURCQk1Rc3dDUVlEVlFRR0V3SlkKV0RFTE1Ba0dBMVVFQ0F3Q1dGZ3hDekFKQmdOVkJBY01BbGhZTVFzd0NRWURWUVFLREFKWVdERUxNQWtHQTFVRQpBd3dDWTJFd0hoY05Nakl3T1RJeE1EYzBNek0xV2hjTk1qSXhNREl4TURjME16TTFXakJCTVFzd0NRWURWUVFHCkV3SllXREVMTUFrR0ExVUVDQXdDV0ZneEN6QUpCZ05WQkFjTUFsaFlNUXN3Q1FZRFZRUUtEQUpZV0RFTE1Ba0cKQTFVRUF3d0NZMkV3WERBTkJna3Foa2lHOXcwQkFRRUZBQU5MQURCSUFrRUFydUlUM29mLzJsVXZZUFk3QXpzagpBdEtablY2Z3RoQjZLNzBBc2dLUHA2M3hkbEJyTWdnNUNZSDdYZTdWbUxYYjd4aEhMQkhCblJKM3ZQYkgvbTdoCnN3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBMEVBZldiNjJSSjIxaTd0bGJTdHRtdTdieS9rNGZNTDMxRlEKWG9SN0pqckhtYkkrZjFCa3dTYk1WeHhhZEFXcFNray9OTkkxK1NIUi9uWVN2L2xvUTNVam1BPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
diff --git a/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/validNoDescription.yaml b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/validNoDescription.yaml
new file mode 100644
index 00000000..172f2422
--- /dev/null
+++ b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/validNoDescription.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "x509-valid-no-description"
+ labels:
+ jenkins.io/credentials-type: "x509ClientCert"
+type: Opaque
+data:
+ clientCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJZakNDQVF5Z0F3SUJBZ0lKQUtabFF6cUdHV3U5TUEwR0NTcUdTSWIzRFFFQkJRVUFNRUV4Q3pBSkJnTlYKQkFZVEFsaFlNUXN3Q1FZRFZRUUlEQUpZV0RFTE1Ba0dBMVVFQnd3Q1dGZ3hDekFKQmdOVkJBb01BbGhZTVFzdwpDUVlEVlFRRERBSmpZVEFlRncweU1qQTVNakV3TnpRek16VmFGdzB5TWpFd01qRXdOelF6TXpWYU1CRXhEekFOCkJnTlZCQU1NQm1Oc2FXVnVkREJjTUEwR0NTcUdTSWIzRFFFQkFRVUFBMHNBTUVnQ1FRREIveDZSVUxyNVFPWWwKdWxielpJKzh3UFpNbnJEUHdNcFAzS2gxTXp4SndtMUUwTEpjSTFuWTNlUHNvSUdHUVZJVE5ObmpmQmJFdVlVNgowMXNsam81L0FnTUJBQUdqRnpBVk1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUNNQTBHQ1NxR1NJYjNEUUVCCkJRVUFBMEVBVlAzNW9lV1VPaVJhSXY5ekNEdCszVlJNUWQ2ZWdnbW1zeDVxeXk2ZWUvbUxQcGRVV1VTdDhBeWYKQWl3QUQyZGNhNFh6aVZ0SllWSysrVm5GR0cvNUVRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ clientKeySecret: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUJWQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQVQ0d2dnRTZBZ0VBQWtFQXdmOGVrVkM2K1VEbUpicFcKODJTUHZNRDJUSjZ3ejhES1Q5eW9kVE04U2NKdFJOQ3lYQ05aMk4zajdLQ0Joa0ZTRXpUWjQzd1d4TG1GT3ROYgpKWTZPZndJREFRQUJBa0FVM0NEbVVUNzVwRS9iQ0xGbTFJNWNKb2VWYjQ3bGwvNXBIZm9ET0RJb1lBNUxuUXk5Ci96NFBOWUN5dzNDcTltMytuZitIU1JzOEpjV3VVN3U5M0JhQkFpRUEvOW1Qd0RyVGxEaHBJTG5tYnNiSXhYa3EKemVVZ3lwbU0xY3hRbmh0WVM3OENJUURDSEVQZ0hDZFdZQ0xQbk14VWp3cnpYdHlySWxXSjg5ajA0dU9WeU4xdApRUUloQU5JNG1GWVJ2L0ZrM0hTSWF4K1FkRDFWenViNG9wWDF6dk9JK3FDK3hURVBBaUJpTS9LUyt5dGJvNTk0CjhaYmVZTS9sZUdTam4rY3V0OU5YY1VJNmtUaVZBUUlnZC9GVG1pVXJ5TGNTVXh6ejZZcW1VK3dVMStlYlNIbXgKVTg3WERad21iNDA9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ serverCaCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkRENDQVI0Q0NRQ2d6S2QzaFdCbVhUQU5CZ2txaGtpRzl3MEJBUXNGQURCQk1Rc3dDUVlEVlFRR0V3SlkKV0RFTE1Ba0dBMVVFQ0F3Q1dGZ3hDekFKQmdOVkJBY01BbGhZTVFzd0NRWURWUVFLREFKWVdERUxNQWtHQTFVRQpBd3dDWTJFd0hoY05Nakl3T1RJeE1EYzBNek0xV2hjTk1qSXhNREl4TURjME16TTFXakJCTVFzd0NRWURWUVFHCkV3SllXREVMTUFrR0ExVUVDQXdDV0ZneEN6QUpCZ05WQkFjTUFsaFlNUXN3Q1FZRFZRUUtEQUpZV0RFTE1Ba0cKQTFVRUF3d0NZMkV3WERBTkJna3Foa2lHOXcwQkFRRUZBQU5MQURCSUFrRUFydUlUM29mLzJsVXZZUFk3QXpzagpBdEtablY2Z3RoQjZLNzBBc2dLUHA2M3hkbEJyTWdnNUNZSDdYZTdWbUxYYjd4aEhMQkhCblJKM3ZQYkgvbTdoCnN3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBMEVBZldiNjJSSjIxaTd0bGJTdHRtdTdieS9rNGZNTDMxRlEKWG9SN0pqckhtYkkrZjFCa3dTYk1WeHhhZEFXcFNray9OTkkxK1NIUi9uWVN2L2xvUTNVam1BPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
diff --git a/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/validScoped.yaml b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/validScoped.yaml
new file mode 100644
index 00000000..a7d8f527
--- /dev/null
+++ b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/validScoped.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "x509-valid-scoped"
+ labels:
+ jenkins.io/credentials-type: "x509ClientCert"
+ jenkins.io/credentials-scope: "system"
+ annotations:
+ jenkins.io/credentials-description: "Valid scoped X.509 client certificate"
+type: Opaque
+data:
+ clientCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJZakNDQVF5Z0F3SUJBZ0lKQUtabFF6cUdHV3U5TUEwR0NTcUdTSWIzRFFFQkJRVUFNRUV4Q3pBSkJnTlYKQkFZVEFsaFlNUXN3Q1FZRFZRUUlEQUpZV0RFTE1Ba0dBMVVFQnd3Q1dGZ3hDekFKQmdOVkJBb01BbGhZTVFzdwpDUVlEVlFRRERBSmpZVEFlRncweU1qQTVNakV3TnpRek16VmFGdzB5TWpFd01qRXdOelF6TXpWYU1CRXhEekFOCkJnTlZCQU1NQm1Oc2FXVnVkREJjTUEwR0NTcUdTSWIzRFFFQkFRVUFBMHNBTUVnQ1FRREIveDZSVUxyNVFPWWwKdWxielpJKzh3UFpNbnJEUHdNcFAzS2gxTXp4SndtMUUwTEpjSTFuWTNlUHNvSUdHUVZJVE5ObmpmQmJFdVlVNgowMXNsam81L0FnTUJBQUdqRnpBVk1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUNNQTBHQ1NxR1NJYjNEUUVCCkJRVUFBMEVBVlAzNW9lV1VPaVJhSXY5ekNEdCszVlJNUWQ2ZWdnbW1zeDVxeXk2ZWUvbUxQcGRVV1VTdDhBeWYKQWl3QUQyZGNhNFh6aVZ0SllWSysrVm5GR0cvNUVRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ clientKeySecret: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUJWQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQVQ0d2dnRTZBZ0VBQWtFQXdmOGVrVkM2K1VEbUpicFcKODJTUHZNRDJUSjZ3ejhES1Q5eW9kVE04U2NKdFJOQ3lYQ05aMk4zajdLQ0Joa0ZTRXpUWjQzd1d4TG1GT3ROYgpKWTZPZndJREFRQUJBa0FVM0NEbVVUNzVwRS9iQ0xGbTFJNWNKb2VWYjQ3bGwvNXBIZm9ET0RJb1lBNUxuUXk5Ci96NFBOWUN5dzNDcTltMytuZitIU1JzOEpjV3VVN3U5M0JhQkFpRUEvOW1Qd0RyVGxEaHBJTG5tYnNiSXhYa3EKemVVZ3lwbU0xY3hRbmh0WVM3OENJUURDSEVQZ0hDZFdZQ0xQbk14VWp3cnpYdHlySWxXSjg5ajA0dU9WeU4xdApRUUloQU5JNG1GWVJ2L0ZrM0hTSWF4K1FkRDFWenViNG9wWDF6dk9JK3FDK3hURVBBaUJpTS9LUyt5dGJvNTk0CjhaYmVZTS9sZUdTam4rY3V0OU5YY1VJNmtUaVZBUUlnZC9GVG1pVXJ5TGNTVXh6ejZZcW1VK3dVMStlYlNIbXgKVTg3WERad21iNDA9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ serverCaCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkRENDQVI0Q0NRQ2d6S2QzaFdCbVhUQU5CZ2txaGtpRzl3MEJBUXNGQURCQk1Rc3dDUVlEVlFRR0V3SlkKV0RFTE1Ba0dBMVVFQ0F3Q1dGZ3hDekFKQmdOVkJBY01BbGhZTVFzd0NRWURWUVFLREFKWVdERUxNQWtHQTFVRQpBd3dDWTJFd0hoY05Nakl3T1RJeE1EYzBNek0xV2hjTk1qSXhNREl4TURjME16TTFXakJCTVFzd0NRWURWUVFHCkV3SllXREVMTUFrR0ExVUVDQXdDV0ZneEN6QUpCZ05WQkFjTUFsaFlNUXN3Q1FZRFZRUUtEQUpZV0RFTE1Ba0cKQTFVRUF3d0NZMkV3WERBTkJna3Foa2lHOXcwQkFRRUZBQU5MQURCSUFrRUFydUlUM29mLzJsVXZZUFk3QXpzagpBdEtablY2Z3RoQjZLNzBBc2dLUHA2M3hkbEJyTWdnNUNZSDdYZTdWbUxYYjd4aEhMQkhCblJKM3ZQYkgvbTdoCnN3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBMEVBZldiNjJSSjIxaTd0bGJTdHRtdTdieS9rNGZNTDMxRlEKWG9SN0pqckhtYkkrZjFCa3dTYk1WeHhhZEFXcFNray9OTkkxK1NIUi9uWVN2L2xvUTNVam1BPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
diff --git a/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/void.yaml b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/void.yaml
new file mode 100644
index 00000000..0d46ec70
--- /dev/null
+++ b/src/test/resources/com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/convertors/DockerServerCredentialsConvertorTest/void.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "x509-void"
+ labels:
+ jenkins.io/credentials-type: "x509ClientCert"
+ annotations:
+ jenkins.io/credentials-description: "Void X.509 client certificate"
+type: Opaque
+data: