Jenkins Credentials Binding Plugin: Difference between revisions
| Line 50: | Line 50: | ||
echo "username is $USERNAME" | echo "username is $USERNAME" | ||
} | } | ||
</syntaxhighlight> | </syntaxhighlight> | ||
The binding injects the username and the password read from the Jenkins credentials vault as environment variable '''and''' Groovy variables, available in the closure. | |||
Configuration Map: | Configuration Map: | ||
* credentialsId: the ID of the Jenkins credential that contains the username and password. | * credentialsId: the ID of the Jenkins credential that contains the username and password. | ||
* usernameVariable: | * usernameVariable: | ||
* passwordVariable: | * passwordVariable: | ||
Revision as of 05:52, 10 April 2021
External
- https://wiki.jenkins.io/display/JENKINS/Credentials+Binding+Plugin
- https://plugins.jenkins.io/credentials-binding/
- https://www.jenkins.io/doc/pipeline/steps/credentials-binding/#withcredentials-bind-credentials-to-variables
- https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-secure-guide/injecting-secrets
Internal
Overview
This plugin allows credentials defined in the Jenkins server to be bound to environment variables or parameters to be used fro miscellaneous build steps. It uses a withCredentials step whose programming model is explained below. The advantage of using this pattern is that the credentials are maintained securely by the Jenkins instance and they are automatically masked in the logs.
Playground
withCredentials
The step can be configured with a binding list and executes a closure within which the credentials are projected:
withCredentials(<binding-list>) {
// closure
}
The following bindings are available:
- usernamePassword
- sshUserPrivateKey
- certificate
- dockerCert
- file
- kubeconfigContent
- kubeconfigFile
- vaultString
- zip
- azureServicePrincipal
- $class: 'AmazonWebServicesCredentialsBinding'
and more.
usernamePassword Binding - Injecting Username and Password into a Build Step
A typical pattern to project username and password into a build step:
withCredentials([usernamePassword(credentialsId: 'amazon', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
// available as an env variable, but will be masked if you try to print it out any which way
// note: single quotes prevent Groovy interpolation; expansion is by Bourne Shell, which is what you want
sh 'echo $PASSWORD'
// also available as a Groovy variable
echo USERNAME
// or inside double quotes for string interpolation
echo "username is $USERNAME"
}
The binding injects the username and the password read from the Jenkins credentials vault as environment variable and Groovy variables, available in the closure. Configuration Map:
- credentialsId: the ID of the Jenkins credential that contains the username and password.
- usernameVariable:
- passwordVariable: