Menu
I have Jenkins scripted pipeline with multiple stages, all of the stages require the same password for interaction with third-party API.
node {
stage ('stage1') {
sh 'curl --user login:password http://trird-party-api'
}
stage ('stage2') {
sh 'curl --user login:password http://trird-party-api'
}
}
For obvious reasons I want to keep this password safe, e.g. in Jenkins credentials.
The only secure way I've found is to add withCredentials section, but it must be added to each pipeline stage, e.g:
node {
stage ('stage1') {
withCredentials([string(credentialsId: '02647301-e655-4858-a7fb-26b106a81458', variable: 'mypwd')]) {
sh 'curl --user login:$mypwd http://trird-party-api'
}
}
stage ('stage2') {
withCredentials([string(credentialsId: '02647301-e655-4858-a7fb-26b106a81458', variable: 'mypwd')]) {
sh 'curl --user login:$mypwd http://trird-party-api'
}
}
}
This approach is not OK because real pipeline is really complicated.
Any alternatives?
219
According to this other stackoverflow question and this tutorial, you should be able to specify the needed credentials in a declarative pipeline like so:
environment {
AUTH = credentials('02647301-e655-4858-a7fb-26b106a81458')
}
stages {
stage('stage1') {
sh 'curl --user $AUTH_USR:$AUTH_PSW http://third-party-api'
}
stage('stage2') {
sh 'curl --user $AUTH_USR:$AUTH_PSW http://third-party-api'
}
With a scripted pipeline, you're pretty much relegated to using withCredentials around the things you want to have access to them. Have you tried surrounding the stages with the credentials, as in:
node {
withCredentials([string(credentialsId: '02647301-e655-4858-a7fb-26b106a81458', variable: 'mypwd')]) {
stage ('stage1') {
sh 'curl --user login:password http://trird-party-api'
}
stage ('stage2') {
sh 'curl --user login:password http://trird-party-api'
}
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
