Managing Secrets with Credentials Plugin in Jenkins

Introduction

The Credentials Plugin in Jenkins allows you to manage sensitive information, such as passwords, SSH keys, and API tokens, securely within your CI/CD pipelines. This lesson covers how to set up and use the Credentials Plugin effectively.

What is the Credentials Plugin?

The Credentials Plugin enables Jenkins to store and manage secrets securely. It allows you to define different types of credentials and access them in your Jenkins jobs.

Setting Up Credentials

Step-by-Step Process

1. Navigate to Jenkins Dashboard.
2. Go to Manage Jenkins.
3. Select Manage Credentials.
4. Choose a domain (or no domain) for your credentials.
5. Click on Add Credentials.
6. Select the appropriate Kind of credentials:
• Username with password
• Secret text
• SSH Username with private key
7. Fill in the required fields and click OK.

Using Credentials in Pipelines

To access credentials in a Jenkins Pipeline, use the withCredentials step. Below is an example of how to use a username and password in a pipeline:

pipeline {
    agent any
    stages {
        stage('Example') {
            steps {
                withCredentials([usernamePassword(credentialsId: 'my-credentials-id', passwordVariable: 'PASS', usernameVariable: 'USER')]) {
                    sh 'echo $USER'
                    sh 'echo $PASS'
                }
            }
        }
    }
}

Best Practices

• Limit permissions to only those who need access to certain credentials.
• Regularly rotate secrets to minimize exposure.
• Use different credentials for different environments (e.g., dev, staging, production).
• Avoid printing sensitive information in the console logs.
• Utilize Jenkins folders for organized credential management.

FAQ