If you're looking for a better way to store credentials in Jenkins, learn how to make use of the Credential plugin.
If you've adopted Jenkins as your automation server of choice, you might have run in to situations where you need to add authorization credentials for particular jobs. Problem is, you don't want to store those secrets in plain text--otherwise you're looking at a security problem in the wait.
Although the task of adding credentials security to Jenkins isn't terribly complicated, it's not quite obvious. However, this should be considered a must-use for anyone that depends upon Jenkins and needs to store credentials.
I'm going to walk you through the process of adding authorization credentials to Jenkins. Once you've taken care of this, you shouldn't have any problem running ansible playbooks that require credentials.
SEE: Hiring kit: Database administrator (TechRepublic Premium)
What you'll need
A running instance of Jenkins (see How to install Jenkins on Ubuntu Server 18.04)
SSH public keys for remote servers (if you opt to store SSH key type credentials)
Although it is best to add credentials on a per-job basis, I'm going to show you how to add credentials that will then be available for any job.
How to create new domains
One of the first things you'll need to understand is that you can create credentials for specific or global tasks. Out of the box, there is only one credential domain, aptly named Global Credentials.
Let's create a new domain, called Web Servers. We can then add authorization credentials to that domain. To create the new domain, log in to your Jenkins instance and click Credentials in the left navigation (Figure A).
You should see a new entry appear under Credentials, called System. Click that and you'll then see Add Domain. Click that and a new window will appear. In that new window (Figure B), type WEB SERVERS as the Domain and type an optional description.
Next click the Specification drop-down and select Hostname. In the resulting new text area, click the drop-down to the right of the text area to expand it such that you can add multiple hostnames. In this new area, type all of the IP addresses or domains that will be associated with this domain--one per line (Figure C).
Note: Adding hosts to the domain is optional. You might want to use this if you are creating a domain that will be used only for specific remote machines.
Once you've typed the addresses click the Save button and the new domain is ready. In the resulting window, click Add Credentials in the left navigation. You will then be required to fill out the necessary information for the new credentials (Figure D).
If this is to be an SSH username with private key, select that from the Kind drop-down. When adding SSH private key credentials, you must copy and paste the necessary id_rsa.pub key for the user into the new credential. But first type a username for the credential and then click Enter directly and then click Add. In the resulting window (Figure E), paste the SSH key.
Finally, type the passphrase for the key and click OK.
Your new authorization credential has been successfully added. Since these credentials are stored as encrypted objects, you don't have to worry about using plain text secrets in your code, as you can call those credentials with the help of the Jenkins Credential plugin.
You can find out how to use those credentials with the help of the Pipeline Syntax tool, which can be found at http://SERVER_IP:8080/pipeline-syntax/ (Where SERVER_IP is the address of your Jenkins server.
And that's all there is to adding credentials to Jenkins.
- How to become a database administrator: A cheat sheet (TechRepublic)
- 10 things companies are keeping in their own data centers (TechRepublic download)
- Hiring kit: Database administrator (TechRepublic Premium)
- How to add GitHub support to Jenkins (TechRepublic)
- How to create a new build job in Jenkins (TechRepublic)
- How to run a command with the Ansible shell module (TechRepublic)
- How to deploy a container with Ansible (TechRepublic)
- Cloud arms race buys Intel time, massive profits, but indigestion likely (ZDNet)
- Best cloud services for small businesses (CNET)
- DevOps: More must-read coverage (TechRepublic on Flipboard)