Jenkins Security Concepts

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

Internal

Credentials Management

A summary of credentials managed by a Jenkins instance is available from Jenkins -> Credentials.

Credentials Plugin

Credentials Plugin

Credential Type

Username with Password

Docker Certificates Directory

Docker Host Certificate Authentication

SSH Username with Private Key

Secret File

Secret Text

Certificate

Credential Domain

Credential Provider

A credential provider connects Jenkins to an external credential vault.

Jenkins Credentials Provider

Managed by the Credentials Plugin. Provides credentials from the root of Jenkins. Credentials will be available to:

  • Authentication: SYSTEM
  • Users with permission: Job/Configure

Credentials will be available in:

  • Global scoped credentials be available to all items within Jenkins.
  • System scoped credentials restricted to system level operations such as connecting build agents.

User Credentials Provider

Managed by the Credentials Plugin. Provides each user with a personal credential store. Credentials will be available to:

  • Immediate operations performed by the user who defined the credentials.
  • Jobs with credentials parameters when directly triggered by a user with the permission: Job/Build.
  • Jobs running as the user and the user has the permission: Job/Build.

BlueOcean Folder Credentials

Folder Credentials Provider

Credential Store

GitHub Credentials