It is crucial and mandatory step that you have to setup Git Credentials for accessing Git repo calling from Jenkins Jobs. The Jenkins Credentials can be called by its variable also. This article will help you to setup Jenkins Credentials for Git repo access. It is basic of Jenkins and must read article.
In our previous post on Managing Jenkins Credential we have already written about types of “Credentials” and “Scope” (We strongly recommend you to read our previous post before you go for Git Jenkins Credential setup).
To illustrate the Jenkins Credential for Git, we will do some work in our Gihub account too. We have decided to select Gthub due to its popularity. The method which we will tell you in this post is generic. You can apply this method with any Git service provider(Gitlab,Bitbucket,Github etc.) or your own self hosted Git.
3 Generic Methods To Setup Jenkins Credential
You can access the Git repo in many ways (Note this point), it all depends upon what authentication method you have enabled in your Git server.
We have selected 3 Generic methods to configure Jenkins Credential for Git. These 3 methods are commonly used for accessing Git.
- By using username and password
- By using SSH username and its keys
- By using Token
Jenkins Credential Page
Before we start to set Git Credential in Jenkins we would like to suggest to read the post on Managing Jenkins Credentials. It is mendatory to know about the terms which will be used while setting ‘Jenkins Credentials’ .In this post we have shown pictures depicting the steps to reach ‘Jenkins Credential’ page. In our previous post, we have also described about the types of “Scope”.
Go to ‘Jenkins Credential’ page, here is the navigation for adding credential –
Home Page >> Credentials (Tab) >> Credential Store (Select) >> Add Credentials (Tab)
We have described about 3 methods to set git credentials in Jenkins. Select the method as per your requirement and type of credentials you have in your Git Server or Git provider like Github, Gitlab etc.
Method 1: By Using Username And Password
After clicking on ‘Add Credential’ at right hand sidebar you will see the form to fill. It is pretty much self explanatory.
1. Click on dropdown button labelled as ‘Kind’. Select the option ‘Username with password’.
2. Click on dropdown button labelled as ‘Scope’. Select either ‘Global’ or ‘System’.
3. In Username text box give git username.
4. In Password text box give git user’s password.
5. In ID text box write jenkins ID credential. You can write as per your wish.
6. In Description text box write description of this credential. For example – “My Github credentials”.
Method 2: By Using SSH Username with private key
For this, first you have to generate your own SSH RSA keys. It is not mandatory to generate SSH RSA keys in Jenkins Server only (but you can). We will recommend you to generate the SSH RSA keys in your laptop or any secured system of your organisation.
a. Create directory for keeping SSH RSA Keys file and change to newly created directory.
mkdir -p ~/ssh-rsa-keys && cd ~/ssh-rsa-keys
b. Create SSH RSA Keys in pem file format inside newly created directory.
ssh-keygen -t rsa -b 4096 -C "git ssh keys" -f gitcreds.pem
Give passphrase when it is asked.
c. On completion of command, it will create two files – private key and public key. The one which has .pub file extension refer to public key file whereas other is private key file.
In above screenshot, gitcreds.pem (private key) and gitcreds.pem.pub (public key) two files are created.
You have to further follow two mandatory steps:
A. Set private key in Github or any other Git provider
B. Set SSH private key in Jenkins
A. Set private key in Github or any other Git provider
Basically we have to set the Public key in Git Server or Git provider (Github,Bitbucket,Gitlab etc.)
Because Github is popular and mostlt use by many people, we are demonstrating how to set SSH RSA Public key for git access.
a. Login to Github account.
b. Click on ‘Settings’ of your Github profile.
c. Click on ‘SSH and GPG keys’ then click on ‘New SSH Key’. It will first ask you to give your Gtihub password and after authentication will show the ssh key setting page.
d. Give the ‘Title’ of your SSH key in Github.
Copy the content of Public Key which you have generated in previous steps and paste the content in ‘Key’ text field as shown in screenshot. In final step click to ‘Add SSH Key’ button.
cat ~/ssh-rsa-keys/gitcreds.pem.pub
e. The Public SSH key will be added in your Github account. In below screenshot, you can see how it appears.
B. Set SSH private key in Jenkins
a. Click on ‘Add Credential’, at right hand sidebar you will get the form.
b. Click on ‘Kind’ and select option ‘SSH Username with private key’
c. Click on ‘Scope’ and either select ‘Global’ or ‘Standard’ as per your requirement.
d. In ‘Username’, give authorised GIT username.
e. In ‘Private Key’ text field, you have to paste the contents of SSH RSA private key which you have generated in previous section.
Use cat command to get the contents of SSH RSA private key. Copy the content and paste in ‘Private Key’ text field (see in screenshot)
cat ~/ssh-rsa-keys/gitcreds.pem
f. In ‘Passphrase’ text field, write passphrase which you have given while generating the SSH RSA key. If not set, keep it blank.
g. In ‘ID’ text field, write any ID name for this credential.
h. In ‘Description’ box, give description.
i. Click ‘OK’ button to finish.
Now you can access git repo by using GIT Jenkins credential which has ssh keys information from Jobs/pipeline.
IMPORTANT NOTE:
Some admins generate SSH RSA key by using default method i.e ssh-keygen -t rsa -b 4096 -C "git ssh keys". In this method the default private(id_rsa) and public(id_rsa.pub) file will be created inside User’s home directory, which can find by using command ls -la ~/.ssh .Get the contents of Private and Public SSH RSA Key and follow the same steps as referred in above section. It will do the same thing.
Method 3: By using Token
Through API token you can also access the Git repo. To set API token in Jenkins for git repo access also includes two steps.
A. Generate API token
B. Configure API token in Jenkins
A. Generate API token
The API token firstly you have to create in Github account. (Other Git providers also facilitates the API tokens)
a. Login to Github account.
b. Go to your Github profile ‘Settings’.
c. Click on ‘Developer Settings’
d. Click on ‘Personal Access Tokens’ then clikc on ‘Generate access tokens’ button.
e. Then you will get many ‘Scope’ (privilege) options which will bind to this access token. Select wisely as per your requirement. Then click ‘Generate token’ button.
COPY THE API TOKEN AND SAVE IN SOME FILE IN YOUR LAPTOP/DESKTOP. BECAUSE YOU CAN NOT RETRIEVE THE API TOKEN AFTER THIS. API TOKEN CONTENT APPEARS ONE TIME ONLY.
f. The API token will be generated and in Github console it appears as shown in given below screenshot.
B. Configure API token in Jenkins
In above section you have generated the API token. Now we will configure the API token in Jenkins so that git repo could be accessible from jobs/pipeline.
a. Click on ‘Add Credential’
b. Click on ‘Kind’ dropdown and select option ‘Secret text’.
c. Click on ‘Scope’ dropdown. Either select ‘Global’ or ‘Standard’.
d. In ‘Secret’ text box, paste the API Token which you have generated in previous section.
e. In ‘ID’ text box, give ID name for this credential.
f. In ‘Description’ box, give description.
g. Click ‘OK’ button to finish the step.
Before Ending
In this tutorial, we have explained 3 methods add credentials for Git. Now in our Jenkins ‘Credential’ it appears in this manner –
It is all about your choice and requirement how you set your Git Credentials in Jenkins. There are other methods also which you can opt. Adding Credential in Jenkins is easy when you understand the terminology used in form fields.
Hey Sharad, nice explanation. We don’t need to hide the public key (you fudged the key a little bit above). Overall, its a good explanation for anybody who is struggling to set the credentials