Jenkins Credentials Plugin: Difference between revisions
Jump to navigation
Jump to search
Line 14: | Line 14: | ||
=Internal Credential Store= | =Internal Credential Store= | ||
The plugin provides a default internal credential store, stored in $JENKINS_HOME. | The plugin provides a default internal credential store, stored in $JENKINS_HOME. The store is encrypted using a key that is also stored in $JENKINS_HOME. The JVM running Jenkins must have access to these files. | ||
{{Warn|If a non-trusted user can gain access to the files in the J$ENKINS_HOME/secrets directory, all the secrets stored in the internal credential store are compromised.}} | {{Warn|If a non-trusted user can gain access to the files in the J$ENKINS_HOME/secrets directory, all the secrets stored in the internal credential store are compromised.}} |
Revision as of 19:52, 24 April 2018
External
- https://wiki.jenkins.io/display/JENKINS/Credentials+Plugin
- https://github.com/jenkinsci/credentials-plugin/blob/master/docs/user.adoc
Internal
Overview
The Credentials Plugin exposes an API for credential management. The API can be used by plugin authors to define credential types, integrate external credential stores with Jenkins and retrieve credentials those stores and existing stores and by users to manage credentials available in Jenkins.
Internal Credential Store
The plugin provides a default internal credential store, stored in $JENKINS_HOME. The store is encrypted using a key that is also stored in $JENKINS_HOME. The JVM running Jenkins must have access to these files.
If a non-trusted user can gain access to the files in the J$ENKINS_HOME/secrets directory, all the secrets stored in the internal credential store are compromised.