Menu
I am using the CloudBees Folders Plugin with nested folders and the Credentials Plugin for managing secrets into different pipeline jobs. Let's say I have a Jenkins folder structure like this.
folder1/
folder2/
job1
The folders plugin allows me to scope credential domains and credentials to folders, so that only jobs in those folders can access those credentials.
I can do this through the UI, but we rotate these credentials every so often and want to automate part of this.
One way we thought of doing this was to use the Jenkins CLI.
There are various different commands provided by the credentials plugin here. For example:
list-credentials - Lists the Credentials in a specific Store
java -jar jenkins-cli.jar -s http://localhost:8080/ list-credentials STORE
Lists the Credentials in a specific Store
STORE : Store ID
list-credentials-context-resolvers - List Credentials Context Resolvers
java -jar jenkins-cli.jar -s http://localhost:8080/ list-credentials-context-resolvers
List Credentials Context Resolvers
list-credentials-providers - List Credentials Providers
java -jar jenkins-cli.jar -s http://localhost:8080/ list-credentials-providers
List Credentials Providers
The STORE for Jenkins global scope was determined by me by looking at the source code, which shows it is system::system::jenkins.
If I run a few commands I can start to possibly extract some information:
✗ java -jar credential-management/build/jenkinsAutomation/Localhost/cli/jenkins-cli.jar -s http://localhost:8080 list-credentials-context-resolvers --username admin --password password
Results in: 
Running the following:
✗ java -jar credential-management/build/jenkinsAutomation/Localhost/cli/jenkins-cli.jar -s http://localhost:8080 list-credentials system::system::jenkins --username admin --password password
Results in:
Now, I'm trying to list some credentials for a folder, and don't have a clue how to get the STORE (store Id indicated by the documentation).
I have tried
✗ java -jar credential-management/build/jenkinsAutomation/Localhost/cli/jenkins-cli.jar -s http://localhost:8080 list-credentials folder::items::folder1 --username admin --password password
But receive ERROR: The specified resolver folder::items::folder1 cannot be uniquely identified:
How do I determine the STORE of a folder so that I can use the create-credentials-by-xml or other commands to automate them? Or, how can I just executed Groovy using the scripting support to do this?
700
I believe you are almost there.
Credentials Store ID format is Provider::Resolver::ContextPath
Provider name can be found with list-credentials-providers command. You correctly used folder here.
Resolver name can be found with list-credentials-context-resolvers command. I believe that is where you made a typo. It should be item not items.
ContextPath is Resolver dependent. In the case of system it can only be jenkins. In the case of folder it is a full path to the folder, e.g. /folder1/subfolder1.
Therefore, STORE argument in your last command should be folder::item::/folder1
87
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
