×
Find plugins

Credentials Binding1.11Minimum Jenkins requirement: 1.642.4ID: credentials-binding

Allows credentials to be bound to environment variables for use from miscellaneous build steps.

Plugin Information

You may have a keystore for jarsigner, a list of passwords, or other confidential files or strings which you want to be used by a job but which should not be kept in its SCM, or even visible from its config.xml. Saving these files on the server and referring to them by absolute path requires you to have a server login, and does not work on slaves. This plugin gives you an easy way to package up all a job’s secret files and passwords and access them using a single environment variable during the build.

To use, first go to the Credentials link and add items of type Secret file and/or Secret text. Now in a freestyle job, check the box Use secret text(s) or file(s) and add some variable bindings which will use your credentials. The resulting environment variables can be accessed from shell script build steps and so on. (You probably want to start any shell script with set +x, or batch script with @echo off. JENKINS-14731).

For more details of how this works, check the Injecting Secrets into Jenkins Build Jobs article at CloudBees.

From a Pipeline job, define your credentials, then check Snippet Generator for a syntax example of the withCredentials step. Any secrets in the build log will be masked automatically.

A typical example of a username password type credential (example from here) would look like: 

 withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'amazon',
                            usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
                //available as an env variable, but will be masked if you try to print it out any which way
                sh 'echo $PASSWORD'
                echo "${env.USERNAME}"
            }

Changelog

Version 1.11 (Mar 30, 2017)

  • JENKINS-42999 Allow non-file-based credentials to be used from withCredentials outside a node block.
  • Japanese localization.

Version 1.10 (Nov 07, 2016)

  • JENKINS-24805 Mask passwords in freestyle builds, not just in Pipeline builds.
  • Masking did not work correctly if some secrets were a substring of others.
  • JENKINS-38831 Track credentials usage.
  • Adding symbols to binding types for better readability in Pipeline (and probably also Job DSL).

Version 1.9 (Aug 19, 2016)

  • JENKINS-37541 prevent NPE while reading back SecretBuildWrapper
  • Migrate to new parent pom 

Version 1.8 (Jun 10, 2016)

Version 1.7 (Mar 03, 2016)

Version 1.6 (Oct 16, 2015)

  • JENKINS-30941 Fixed regression in 1.5 affecting ZIP file bindings.
  • Resource leak potentially affecting ZIP file bindings.
  • JENKINS-30326 updated dependency on credentials plugin to 1.23

Version 1.5 (Aug 06, 2015)

  • JENKINS-29255 Set restrictive file permission on Secret File binding, to make it easier to use an SSH private key this way.

Version 1.4 (Apr 01, 2015)

  • Updated to Jenkins 1.596.1 and Workflow 1.5.
  • JENKINS-27486 withCredentials step should mask any passwords accidentally printed to the log.
  • JENKINS-27631 withCredentials step should not store passwords even temporarily in program.dat in the build directory.
  • JENKINS-27389 withCredentials step was exposing variables to external processes but not to Groovy code using env.PASSWORD syntax.
  • Improved help for withCredentials.
  • Improved error diagnostics for withCredentials.

Version 1.3 (Jan 20, 2015)

  • JENKINS-26051 Added withCredentials Workflow step. Blog
  • JENKINS-23468 Allowed username & password to be bound to separate variables.
  • SPI changes to permit the above two features.

Version 1.2 (Oct 07, 2014)

  • SECURITY-158 fix.

Version 1.1 (Aug 11, 2014)

  • Add support for parameterized credentials (from credentials plugin 1.16.1)

Version 1.0 (Jun 16, 2014)

First general release.

  • Supporting username/password credentials.
  • Marking added environment variables as “sensitive”, so other code showing them should display the values masked.

Version 1.0 beta 1 (Oct 01, 2013)

ArchivesGet past versions
Labels