Injecting Jenkins Credentials into a Build Job
External
- https://support.cloudbees.com/hc/en-us/articles/203802500-Injecting-Secrets-into-Jenkins-Build-Jobs
- https://support.cloudbees.com/hc/en-us/articles/204897020-Fetch-a-userid-and-password-from-a-Credential-object-in-a-Pipeline-job-
Internal
Overview
This article describes the procedure to declare credentials, in this case an external repository username and password, in a Jenkins credential store and then expose them to a build job, in this case a Gradle-driven build.
Pre-Requisites
- Jenkins Credential Plugin has to be installed.
- Jenkins Credentials Binding Plugin has to be installed.
Procedure
Define the Credential
Credentials -> System -> Global credentials (unrestricted) -> Add Credential
Username with password
Scope: Global. The Global scope is required if the credential must be exposed to the build jobs.
Username:
Password:
ID: same as username.
OK.
Upon creation, the credential should be reported in "Global credentials (unrestricted)" section.
Inject the Credential in the Build Job
Jenkins -> the build job in question -> Configure -> Build Environment section -> Check "Use secret text(s) or file(s).
The "Bindings" section will appear.
Add -> Username and password (separated)
Username Variable. This is the name of the environment variable to be set to the username during the build. Example:
CI_USERNAME
Password Variable. This is the name of an environment variable to be set to the password during the build.
Credentials -> Specific credentials -> the credential set up at the previous step.
DO NOT click on the Add button at the right - this will add a new credential.
Save.
Use the Credential in the Build Script
Start the script with:
set +x
to prevent commands from being echoed in the logs, in case sensitive credentials are specified in commands.