In this article we will share information to manage Jenkins Credentials. As we know the Credentials are basically use for verifying the identity of user/group and their authentication. In simple layman term, credentials are user/password .
To store and manage credentials in Jenkins we need plugins. While installing the Jenkins on server if you have installed all recommended plugins then by-default plugin called ‘Credential Plugin‘ will also be installed. Learn more about how to manage Jenkins Plugin.
Credential Plugin: It is for storing the credentials in Jenkins.
Credential Binding Plugin: It helps to package credential used in jobs, set as an Environment Variable which can be further used during jenkins builds.
Managing Jenkins Credential
To manage the Jenkins Credential, it is important to understand basics terminology use in Jenkins Credentials. “Credential Type” and “Scopes” are important section to understand to get started.
Types Of Credential
Given below are the Jenkins Credentials Types.- Username and password: By using username and password written in strings. It follows the username:password format.
- Certificate:By using PKCS#12 certificate file and optional password
- Docker Host Certificate Authentication credentials: By using certificate keys for Docker Host authentication.
- Secret file: By using secret file
- Secret text: By using API token
- SSH Username with private key: By using ssh username, keys or passphrase.
Types Of Scope
- Global:Global scope credentials are used with their associated context and all child contexts. For example.
- System:System scope credentials are used in Jenkins system / background tasks.For example. You can use System Scope Credential in task like email authentication, agent connection or Jenkin system administration.
Add Credentials through GUI
From GUI it is quite easy to add new Jenkins Credentials. In this section, we will add some credential by using system ‘jenkins’ and domain ‘global’. Follow the steps as shown in screenshots and described in given below section.click on Credential tab
- Click on ‘Credential’ tab.
- In ‘Credential’ page, you will see Store called ‘Jenkins’ and Domains called ‘Global’. Click on ‘(global)’.
- Click on “Add Credentials”.
-
Click on “Kind” dropdown button. It will show the types of Credentials.
Select either “Kind” of credential. When you select it will show all the required fields to fill. In GUI it is quite easy.
In given below screenshot, you can find all types of Credentials.
Certificate: Set PKCS#12 certificate file and optional password
Docker Host Certificate Authentication credentials: Set certificate keys for Docker Host authentication.
Secret file: Set secret file
Secret text:: Set API token
SSH Username with private key: Set ssh username, keys or passphrase.
Username and password: Set username and password in string. It follow the username:password format.
- Click on “Scope” Dropdown menu. It will show two scopes – Global and System. Select either of the options. The “Scope” dropdown you will get in ALL Credential Types
Given below is example for Username and Password.
Examples: Add Credentials through CLI
In this section, we are writing some examples of adding “Credentials” in Jenkins. We will use jenkins cli jar file .You can download this file from your own Jenkins server.wget http://localhost:8080/jnlpJars/jenkins-cli.jar
Add “Username and Password” Credential through CLI
Here,we will add Jenkins Credential type called “Username and Password” Example: Create a new XML file called ‘credential.xml’ with following contents. In “Scope” field write either GLOBAL or SYSTEM. Replace the other values in XML file.Syntax:
<com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl > <scope>GLOBAL OR SYSTEM</scope> <id>Give-ID</id> <username>YOUR_USERNAME</username> <password>GIVE_PASSWORD</password> <description>GIVE_DESCRIPTION</description> </com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl>Command: In given below command, replace admin:admin123 with your Jenkins username:password. The credential.xml file should be created as described in above section.
java -jar jenkins-cli.jar -auth admin:admin123 -s http://localhost:8080/ create-credentials-by-xml system::system::jenkins _ < credential.xml
Add "SSH Username with private key" Credential through CLI
Here,we will add Jenkins Credential type called "SSH Username with private key" Example: Create a new XML file called 'credential.xml' with following contents. In "Scope" field write either GLOBAL or SYSTEM. Replace the other values in the XML file.In private key section, give private ssh key contents.
Syntax:
<com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.13"> <scope>GLOBAL OR SYSTEM</scope> <id>GIVE_CREDENTIAL_ID</id> <description>GIVE_DESCRIPTION</description> <username>GIVE_USERNAME</username> <privateKeySource class="com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$DirectEntryPrivateKeySource"> <privateKey>-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAuXPQR+kYowJ/pDvjlF7+HJ93eaIuQM/cQijmP8My3dGvEozh . . . . yWWktYfevPu05rda1ThNHNKXjs6Kynl7tl3Sp0vuCF8CXAnyvleimCvip4P4uW28 -----END RSA PRIVATE KEY----- </privateKey> </privateKeySource> </com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey>Command: In given below command, replace admin:admin123 with your Jenkins username:password. The credential.xml file should be created as described in above section.
java -jar jenkins-cli.jar -auth admin:admin123 -s http://localhost:8080/ create-credentials-by-xml system::system::jenkins _ < credential.xmlAfter running the command, check the Jenkins "Credential" page for confirming. Jenkins Credential has many other terms to discuss. In this post we have brought the basic essential part. We hope it will help to manage the Jenkins Credential.
Hello,
I am unable to connect to remote host from jenkins server,I check the details exists in credentials.xml file.
I always get error as can’t find the server.
Kindly help me.
Thanks
I am using curl command to create credential using xml.
curl -X POST \
-u $JENKINS_USER:$JENKINS_PASSWORD_OR_API_TOKEN \
-H “Jenkins-Crumb:${JENKINS_CRUMB}” \
-H ‘content-type:application/xml’ \
-d @credential.xml \
“$JENKINS_URL//credentials/store/system/domain/createCredentials”
But howeva Iam getting
HTTP ERROR 404
Problem accessing /credentials/store/system/domain/createCredentials
HI Niv,
This is page not found error, mostly chances of wrong URL ! I can see after $JENKINS_URL you have used double slashes \ . Just remove that one and try.
Regards
Sharad
Hello,
The command works fine, it updates the credentials however the whole process doesn’t work.
In my case, I set the ssh private key to allow ssh connections jenkins master to the agent.
I got an ssh error : agent refused the key.
The workaround is :
Using the UI, I go to Credentials > Jenkins > System > Global credentials (unrestricted) > user, click on the down arrow > update then hit the replace button to cop the private key of my user.
I’ve checked the $JENKINS_HOME/credentias.xml it seems there is a hashing mechanism.
I struggle how to automate this to prevent the dev team to do any further task to allow ssh connections master ==> agent.
Thanks a lot for your support