Secret Text Credential in Jenkins: What It Is and How to Use
secret text credential in Jenkins is a secure way to store sensitive text data like API tokens or passwords. Jenkins keeps this text hidden and encrypted, so it can be safely used in jobs without exposing the secret in logs or code.How It Works
Think of a secret text credential in Jenkins like a locked safe where you keep important passwords or tokens. Instead of writing these secrets directly in your build scripts, you store them securely in Jenkins. When a job runs, Jenkins unlocks the safe just enough to use the secret without showing it openly.
This mechanism protects your sensitive data from being exposed in logs or to users who shouldn't see it. Jenkins encrypts the secret text and only reveals it to authorized jobs during execution, keeping your automation safe and clean.
Example
This example shows how to use a secret text credential in a Jenkins Pipeline script to access an API token securely.
pipeline {
agent any
environment {
MY_SECRET = credentials('my-secret-text-id')
}
stages {
stage('Use Secret') {
steps {
echo 'Using secret text credential'
sh 'curl -H "Authorization: Bearer $MY_SECRET" https://api.example.com/data'
}
}
}
}When to Use
Use secret text credentials in Jenkins whenever you need to handle sensitive strings like API keys, tokens, or passwords in your automation. This keeps secrets out of your code and logs, reducing the risk of accidental exposure.
Common real-world uses include accessing cloud services, authenticating with external APIs, or connecting to private repositories securely during builds.
Key Points
- Secret text credentials store sensitive strings securely in Jenkins.
- They are encrypted and hidden from logs and unauthorized users.
- Used in pipelines via the
credentials()function. - Ideal for API tokens, passwords, and other secret strings.