I have multiple users on a Jenkins server, each with their own credentials for external secured servers needed to run their builds. I am using the credentials plugin to manage the stored credentials. Currently, when a user configures a project, they can use anyone's credentials for doing external jobs. I need to make it so that each user only sees the credentials they own when they configure jobs on the Jenkins server. How would I do this?
To maximize security, credentials configured in Jenkins are stored in an encrypted form on the controller Jenkins instance (encrypted by the Jenkins instance ID) and are only handled in Pipeline projects via their credential IDs.
Installing the Mask Password Plugin: Navigate to Manage Jenkins and click Manage Plugins. Search for Mask Passwords. Select the plugin, then click “Download now and install after restart”. Once Mask Passwords is set up, you can click Restart Jenkins to safely reboot.
This plugin allows you to store credentials in Jenkins. The credentials plugin provides a standardized API for other plugins to store and retrieve different types of credentials. User visible features are: A “Manage Credentials” screen on the “Manage Jenkins” screen allowing you to manage system and global credentials.
If you are using Jenkins security, when you go to “Users” / your username / “Configure” you would see the option to manage personal credentials.
Above, in blue is the Overall/Administer permission, which provides admin users with unconstrained control over Jenkins. Marked in yellow are the Credentials permissions, which include Credentials/Create, Credentials/Delete and Credentials/Update permissions.
Once the plugin is installed, the next step is to change the default Jenkins authorization method to use this role-based plugin. To do this, go to “Manage Jenkins”, click on “Configure Global Security”, and under the “Access Control” section, for “Authorization”, click on “Role-Based Strategy”.
The Folders plugin allows you to limit the scope of credentials to a specific folder.
If you're fine with restricting access of different users to different folders (e.g., with the Role Strategy plugin), then this could be a solution.
Just create the folder, enter the folder, then select the "Credentials" link on the sidebar. A new link should appear called "Folder"; click that and then define your credentials. Jobs in other folders will not be able to use those.
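To check that the folder scoping described above is actually in effect, an administrator can list where each credential lives. The following Script Console (Groovy) audit is an added example, not part of the original answer; it assumes the Credentials and Folders plugins are installed and prints only IDs and types, never secret values.

```groovy
import com.cloudbees.hudson.plugins.folder.Folder
import com.cloudbees.plugins.credentials.CredentialsProvider
import com.cloudbees.plugins.credentials.SystemCredentialsProvider
import com.cloudbees.plugins.credentials.common.IdCredentials
import jenkins.model.Jenkins

// Print only non-secret metadata (ID, type, scope) for every entry in a store.
def describe = { store ->
    store.domains.each { domain ->
        store.getCredentials(domain).each { c ->
            def id = (c instanceof IdCredentials) ? c.id : '(no id)'
            println "    ${id}  [${c.class.simpleName}, scope=${c.scope}]"
        }
    }
}

// Anything listed here with scope=GLOBAL can be selected by every job on the
// server, which is the situation the question wants to avoid.
println 'Global store (GLOBAL-scope entries are usable by every job):'
describe(SystemCredentialsProvider.instance.store)

// lookupStores() also returns parent and system stores for an item, so keep
// only the store whose context is the folder itself.
Jenkins.get().getAllItems(Folder).each { folder ->
    CredentialsProvider.lookupStores(folder)
        .findAll { it.context == folder }
        .each { store ->
            println "Folder '${folder.fullName}' (usable only by jobs under this folder):"
            describe(store)
        }
}
```

Per-user credentials that still appear under the global store should be moved into the owning team's folder and removed from the global store; otherwise they remain selectable from every job.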