Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Accessing credentials in Jenkins with the Credentials Parameter plugin

Tags:

My Jenkins box needs to access Stash and Jira through their REST apis. For that I need to store their credentials.

The way I am doing is via the Credentials Parameter, which asks me for a Name, Credential type, Required, Default Value, and a Description.

I define a Name as CREDENTIAL_PARAMETER, in the type I set it as "Username with password", and then I pick one credential from the list in the Default Value.

Next in the Build section I define that a shell should be executed, which is something like

echo $CREDENTIAL_PARAMETER 

I was expecting to get something like "username:password" as the CREDENTIAL_PARAMETER. However, I get a hash that I think is how the username and password can be retrieved.

How can I get the credentials based on the hash using bash?

like image 771
Alexandre Santos Avatar asked Jan 15 '16 16:01

Alexandre Santos


People also ask

How do I use credentials parameters in Jenkins?

From the Jenkins home page (i.e. the Dashboard of the Jenkins classic UI), click Manage Jenkins > Manage Credentials. Under Stores scoped to Jenkins on the right, click on Jenkins. Under System, click the Global credentials (unrestricted) link to access this default domain. Click Add Credentials on the left.

How do I enable credentials plugin in Jenkins?

In Jenkins, select Manage Plugins. Select the Available tab. Select the Credentials Binding checkbox. Click Install without restart or Download now and install after restart.

How do you reference credentials in Jenkins?

To use, first go to the Credentials link and add items of type Secret file and/or Secret text. Now in a freestyle job, check the box Use secret text(s) or file(s) and add some variable bindings which will use your credentials. The resulting environment variables can be accessed from shell script build steps and so on.


2 Answers

Just as a note to myself, and hopefully this will help others I'm going to go a bit more in depth than @Alexandre Santos, though his answer is extremely helpful.

The important thing to note is that there is a difference between the Credentials Parameter and the Credentials Binding.

If you are using a parameterized build, you can add a Credentials Parameter that references a credentials binding. When you run the build you'll notice that there is an environment variable that correlates to a credential's GUID in your credential store.

For this to actually be useful you have to inject a "Credentials Binding" into your environment.

Head to the Build Environment section of your job definition. Check Use secret text(s) or file(s). This will actually inject the secret into your build environment. The "Credentials Parameter" created earlier can be used here to let you select different credentials parameters.

For files it will drop the file somewhere in the workspace(?), and then inject a secret environment variable with the full path to the file.

This blog from Cloudbees should help with the rest.

like image 123
Breedly Avatar answered Nov 10 '22 20:11

Breedly


It is possible, but the plugin https://wiki.jenkins-ci.org/display/JENKINS/Credentials+Binding+Plugin needs to be installed. Without it, all you get is a hash to where the credentials can be found.

Once you have the credentials, Jenkins will place them as session environments, which can be retrieved..

Note that the credentials are available only when "Use secret text(s) or file(s)" is enabled in the "Build Environment" section.

Once all is defined, the username and password can be passed either as two different fields or as only one field separated by ":"

like image 43
Alexandre Santos Avatar answered Nov 10 '22 18:11

Alexandre Santos