Injecting Jenkins Credentials into a Build Job
External
- https://support.cloudbees.com/hc/en-us/articles/203802500-Injecting-Secrets-into-Jenkins-Build-Jobs
- https://support.cloudbees.com/hc/en-us/articles/204897020-Fetch-a-userid-and-password-from-a-Credential-object-in-a-Pipeline-job-
Internal
Overview
This article describes the procedure to declare credentials, in this case an external repository username and password, in a Jenkins credential store and then expose them to a build job, in this case a Gradle-driven build.
Pre-Requisites
- Jenkins Credential Plugin has to be installed.
- Jenkins Credentials Binding Plugin has to be installed.
Procedure
Define the Credential
Credentials -> System -> Global credentials (unrestricted) -> Add Credential
Username with password
Scope: Global. The Global scope is required if the credential must be exposed to the build jobs.
Username:
Password:
ID: same as username.
OK.
Upon creation, the credential should be reported in "Global credentials (unrestricted)" section.
Inject the Credential in the Build Job
Jenkins -> the build job in question -> Configure -> Build Environment section -> Check "Use secret text(s) or file(s).
The "Bindings" section will appear.
Add -> Username and password (separated)
Username Variable. This is the name of the environment variable to be set to the username during the build. Example:
CI_USERNAME
Password Variable. This is the name of an environment variable to be set to the password during the build.
Credentials -> Specific credentials -> the credential set up at the previous step.
DO NOT click on the Add button at the right - this will add a new credential.
Save.
Use the Credential in the Build Script
Start the script with:
set +x
to prevent commands from being echoed in the logs, in case sensitive credentials are specified in commands.
The username and password will be available as the environment variables declared in the previous section.