External

• https://support.cloudbees.com/hc/en-us/articles/203802500-Injecting-Secrets-into-Jenkins-Build-Jobs
• https://support.cloudbees.com/hc/en-us/articles/204897020-Fetch-a-userid-and-password-from-a-Credential-object-in-a-Pipeline-job-

Internal

• Jenkins Operations

Overview

This article describes the procedure to declare credentials, in this case an external repository username and password, in a Jenkins credential store and then expose them to a build job, in this case a Gradle-driven build.

Pre-Requisites

• Jenkins Credential Plugin has to be installed.
• Jenkins Credentials Binding Plugin has to be installed.

Procedure

Define the Credential

Credentials -> System -> Global credentials (unrestricted) -> Add Credential

Username with password

Scope: Global. The Global scope is required if the credential must be exposed to the build jobs.

Username:

Password:

ID: same as username.

OK.

Upon creation, the credential should be reported in "Global credentials (unrestricted)" section.

Inject the Credential in the Build Job

Jenkins -> the build job in question -> Configure -> Build Environment section -> Check "Use secret text(s) or file(s).

The "Bindings" section will appear.

Add -> Username and password (separated)

Username Variable. This is the name of the environment variable to be set to the username during the build. Example:

CI_USERNAME

Password Variable. This is the name of an environment variable to be set to the password during the build.

Credentials -> Specific credentials -> the credential set up at the previous step.

DO NOT click on the Add button at the right - this will add a new credential.

Save.

Use the Credential in the Build Script

Start the script with

set +x

to prevent commands from being echoed in the logs, in case sensitive credentials are specified in commands.