Jenkins Security Concepts: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 7: | Line 7: | ||
A summary of credentials managed by a Jenkins instance is available from Jenkins -> Credentials. The view lists [[#Credential_Type|credential types]], [[#Credential_Provider|providers]], [[#Credential_Store|stores]], [[#Credential_Domain|domains]] as well as details such as [[#ID|ID]] and [[#Credential_Name|name]]. | A summary of credentials managed by a Jenkins instance is available from Jenkins -> Credentials. The view lists [[#Credential_Type|credential types]], [[#Credential_Provider|providers]], [[#Credential_Store|stores]], [[#Credential_Domain|domains]] as well as details such as [[#ID|ID]] and [[#Credential_Name|name]]. | ||
=Credentials Plugin= | ==Credentials Plugin== | ||
{{Internal|Jenkins Credentials Plugin#Overview|Credentials Plugin}} | {{Internal|Jenkins Credentials Plugin#Overview|Credentials Plugin}} | ||
=Credential= | ==Credential== | ||
==ID== | ===ID=== | ||
==Credential Name== | ===Credential Name=== | ||
==Credential Type== | ===Credential Type=== | ||
===Username with Password=== | ====Username with Password==== | ||
===Docker Certificates Directory=== | ====Docker Certificates Directory==== | ||
===Docker Host Certificate Authentication=== | ====Docker Host Certificate Authentication==== | ||
===SSH Username with Private Key=== | ====SSH Username with Private Key==== | ||
===Secret File=== | ====Secret File==== | ||
===Secret Text=== | ====Secret Text==== | ||
===Certificate=== | ====Certificate==== | ||
=Credential Provider= | ==Credential Provider== | ||
A ''credential provider'' connects Jenkins to an external credential vault. | A ''credential provider'' connects Jenkins to an external credential vault. | ||
==Jenkins Credentials Provider== | ===Jenkins Credentials Provider=== | ||
Managed by the [[Jenkins Credentials Plugin#Overview|Credentials Plugin]]. Provides credentials from the root of Jenkins. Credentials will be available to: | Managed by the [[Jenkins Credentials Plugin#Overview|Credentials Plugin]]. Provides credentials from the root of Jenkins. Credentials will be available to: | ||
| Line 47: | Line 47: | ||
* System scoped credentials restricted to system level operations such as connecting build agents. | * System scoped credentials restricted to system level operations such as connecting build agents. | ||
==User Credentials Provider== | ===User Credentials Provider=== | ||
Managed by the [[Jenkins Credentials Plugin#Overview|Credentials Plugin]]. Provides each user with a personal credential store. Credentials will be available to: | Managed by the [[Jenkins Credentials Plugin#Overview|Credentials Plugin]]. Provides each user with a personal credential store. Credentials will be available to: | ||
| Line 54: | Line 54: | ||
* Jobs running as the user and the user has the permission: Job/Build. | * Jobs running as the user and the user has the permission: Job/Build. | ||
==BlueOcean Folder Credentials== | ===BlueOcean Folder Credentials=== | ||
==Folder Credentials Provider== | ===Folder Credentials Provider=== | ||
=Credential Store= | ==Credential Store== | ||
==Jenkins Credentials Plugin Internal Store== | ===Jenkins Credentials Plugin Internal Store=== | ||
{{Internal|Jenkins_Credentials_Plugin#Internal_Credential_Store|Jenkins Credentials Plugin Internal Store}} | {{Internal|Jenkins_Credentials_Plugin#Internal_Credential_Store|Jenkins Credentials Plugin Internal Store}} | ||
=Credential Domain= | ==Credential Domain== | ||
Revision as of 19:54, 24 April 2018
Internal
Credentials Management
A summary of credentials managed by a Jenkins instance is available from Jenkins -> Credentials. The view lists credential types, providers, stores, domains as well as details such as ID and name.
Credentials Plugin
Credential
ID
Credential Name
Credential Type
Username with Password
Docker Certificates Directory
Docker Host Certificate Authentication
SSH Username with Private Key
Secret File
Secret Text
Certificate
Credential Provider
A credential provider connects Jenkins to an external credential vault.
Jenkins Credentials Provider
Managed by the Credentials Plugin. Provides credentials from the root of Jenkins. Credentials will be available to:
- Authentication: SYSTEM
- Users with permission: Job/Configure
Credentials will be available in:
- Global scoped credentials be available to all items within Jenkins.
- System scoped credentials restricted to system level operations such as connecting build agents.
User Credentials Provider
Managed by the Credentials Plugin. Provides each user with a personal credential store. Credentials will be available to:
- Immediate operations performed by the user who defined the credentials.
- Jobs with credentials parameters when directly triggered by a user with the permission: Job/Build.
- Jobs running as the user and the user has the permission: Job/Build.