Jenkinsdevops~30 mins

Credentials plugin for secrets in Jenkins - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Using Jenkins Credentials Plugin to Manage Secrets

📖 Scenario: You are setting up a Jenkins pipeline to deploy an application. To keep your deployment secure, you want to store sensitive information like passwords and API tokens safely using Jenkins Credentials Plugin.

🎯 Goal: Learn how to create and use Jenkins credentials in a pipeline script to access secrets securely without exposing them in your code.

📋 What You'll Learn

Create a Jenkins credential with a specific ID and secret value

Reference the credential ID in a pipeline script

Use the credential securely inside the pipeline steps

Print a message confirming the secret was accessed (without showing the secret)

💡 Why This Matters

🌍 Real World

In real projects, storing secrets like API tokens, passwords, and keys securely is critical to protect your systems from unauthorized access.

💼 Career

Knowing how to manage secrets with Jenkins Credentials Plugin is a key skill for DevOps engineers and automation specialists to build secure CI/CD pipelines.

Progress0 / 4 steps

Create a Jenkins secret text credential

Create a Jenkins secret text credential with the ID my-secret-token and the secret value superSecret123. This credential will store your API token securely.

Jenkins

# Create the secret text credential in Jenkins UI with ID 'my-secret-token' and secret 'superSecret123'
# Your code here

Need a hint?

Use Jenkins UI to add a new credential of type 'Secret text'. Set the ID exactly to my-secret-token and the secret to superSecret123.

Reference the credential ID in a Jenkins pipeline variable

In your Jenkins pipeline script, create a variable called tokenId and set it to the string 'my-secret-token' to reference the credential you created.

Jenkins

# Reference the credential ID in a variable called tokenId
# Your code here

Need a hint?

Define a variable named tokenId and assign it the string 'my-secret-token'.

Use the Jenkins credentials binding to access the secret

In the pipeline script, use the withCredentials block with string(credentialsId: tokenId, variable: 'SECRET_TOKEN') to access the secret stored in Jenkins credentials. Inside the block, assign the secret to a variable called token.

Jenkins

def tokenId = 'my-secret-token'

pipeline {
    agent any
    stages {
        stage('Example') {
            steps {
                // Use withCredentials to bind the secret to SECRET_TOKEN
                // Assign SECRET_TOKEN to a variable called token
                // Your code here
            }
        }
    }
}

Need a hint?

Use withCredentials with string(credentialsId: tokenId, variable: 'SECRET_TOKEN'). Inside the block, assign env.SECRET_TOKEN to token.

Print confirmation message without exposing the secret

Add a print or echo statement inside the withCredentials block to display the message Secret token accessed successfully without printing the actual secret value.

Jenkins

def tokenId = 'my-secret-token'

pipeline {
    agent any
    stages {
        stage('Example') {
            steps {
                withCredentials([string(credentialsId: tokenId, variable: 'SECRET_TOKEN')]) {
                    script {
                        def token = env.SECRET_TOKEN
                        // Print confirmation message here
                        // Your code here
                    }
                }
            }
        }
    }
}

Need a hint?

Use echo "Secret token accessed successfully" inside the withCredentials block.