
How to Manage Credentials in Jenkins Securely and Easily

In Jenkins, manage credentials securely using the Credentials plugin by adding them in the Jenkins dashboard under Manage Jenkins > Credentials. Use these stored credentials in your jobs or pipelines by referencing their IDs, avoiding hardcoding sensitive data.

Syntax

Jenkins credentials are stored and referenced by an ID. You add credentials through the Jenkins UI or via code, then use the ID in your pipeline or job configuration.

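  • credentialsId: The unique ID of the stored credential.
  • withCredentials: Pipeline step to bind credentials to environment variables.

Example usage in a pipeline:

```groovy
pipeline {
  agent any
  stages {
    stage('Example') {
      steps {
        // Bind the stored username and password to USER and PASS for this block only
        withCredentials([usernamePassword(credentialsId: 'my-cred-id', usernameVariable: 'USER', passwordVariable: 'PASS')]) {
          // Single quotes: the shell, not Groovy, expands $USER and $PASS
          sh 'echo Username is $USER'
          // Jenkins masks the bound value as **** in the console log
          sh 'echo Password is $PASS'
        }
      }
    }
  }
}
```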

Example

This example uses a username and password credential stored in Jenkins under the ID example-cred and references it in a pipeline script to print the username safely.

```groovy
pipeline {
  agent any
  stages {
    stage('Use Credentials') {
      steps {
        withCredentials([usernamePassword(credentialsId: 'example-cred', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
          sh 'echo The username is $USERNAME'
        }
      }
    }
  }
}
```
Output
The username is myuser

Common Pitfalls

  • Hardcoding credentials directly in pipeline scripts or job configurations exposes sensitive data.
  • Not assigning proper permissions to credentials can lead to unauthorized access.
  • Using the wrong credentialsId causes failures when accessing secrets.
  • Forgetting to mask passwords in console output can leak secrets.
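```groovy
/* Wrong way: hardcoding password */
pipeline {
  agent any
  stages {
    stage('Bad Practice') {
      steps {
        // The literal secret lives in the script and appears unmasked in the log
        sh 'echo Password is mysecretpassword'
      }
    }
  }
}

/* Right way: use credentials */
pipeline {
  agent any
  stages {
    stage('Good Practice') {
      steps {
        // The secret is read from the credentials store at run time
        withCredentials([string(credentialsId: 'my-secret', variable: 'SECRET')]) {
          // Single quotes: the shell, not Groovy, expands $SECRET; Jenkins masks it in the log
          sh 'echo Password is $SECRET'
        }
      }
    }
  }
}
```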
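A small linter for the pitfalls listed above, added here as an illustration and not part of the original article or of Jenkins: it scans a Jenkinsfile for hardcoded secret literals, `credentialsId` values missing from a known list, and `echo` of a variable bound by `withCredentials`. The regexes, rule names and the `SAMPLE` pipeline are constructed assumptions.

```python
import re

# Heuristic patterns for the pitfalls above (assumptions, not Jenkins APIs).
CRED_ID = re.compile(r"credentialsId\s*:\s*'([^']+)'")
BOUND_VAR = re.compile(r"\b(?:variable|passwordVariable)\s*:\s*'([^']+)'")
SH_STEP = re.compile(r"\bsh\s+(['\"])(.*?)\1")
# Secret-like keyword followed by a literal value rather than a $VARIABLE.
HARDCODED = re.compile(r"(?i)\b(password|passwd|secret|token)\b\s*(?:is|=|:)\s*[^\s$'\"]+")

def audit_jenkinsfile(text, known_ids):
    """Return (line, rule, detail) findings; literal secret values are never echoed back."""
    findings = []
    secret_vars = set(BOUND_VAR.findall(text))  # file-wide, ignores block scope
    for lineno, line in enumerate(text.splitlines(), 1):
        for cred_id in CRED_ID.findall(line):
            if cred_id not in known_ids:
                findings.append((lineno, "unknown-credentials-id", cred_id))
        step = SH_STEP.search(line)
        if not step:
            continue
        command = step.group(2)
        hit = HARDCODED.search(command)
        if hit:
            findings.append((lineno, "hardcoded-secret", hit.group(1)))
        for var in sorted(secret_vars):
            if re.search(r"\becho\b.*\$\{?" + re.escape(var) + r"\b", command):
                findings.append((lineno, "secret-echoed", var))
    return findings

# Constructed sample: one hardcoded password, one mistyped ID, one echoed secret.
SAMPLE = """\
pipeline {
  agent any
  stages {
    stage('Deploy') {
      steps {
        sh 'echo Password is mysecretpassword'
        withCredentials([usernamePassword(credentialsId: 'exmaple-cred', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
          sh 'echo The username is $USERNAME'
          sh 'echo Password is $PASSWORD'
        }
      }
    }
  }
}
"""

if __name__ == "__main__":
    for finding in audit_jenkinsfile(SAMPLE, known_ids={"example-cred"}):
        print(finding)
```

The `secret-echoed` rule flags a bound secret even though Jenkins masks it in the log, which matches the article's advice to avoid printing secrets at all.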

Quick Reference

Summary tips for managing Jenkins credentials:

  • Always add credentials via Manage Jenkins > Credentials.
  • Use credentialsId to reference credentials in pipelines.
  • Use withCredentials to bind secrets safely.
  • Set proper permissions on credentials for security.
  • Never hardcode secrets in scripts or job configs.

Key Takeaways

  • Store all sensitive data in the Jenkins Credentials store, never in plain text.
  • Use the credentials ID with pipeline steps like withCredentials to access secrets safely.
  • Assign proper permissions to credentials to control access.
  • Avoid printing secrets directly to console output to prevent leaks.
  • Manage credentials centrally via the Jenkins UI for easier updates and security.