The Correct Way to Handle Credentials in a Jenkins Pipeline

Поделиться
HTML-код
  • Опубликовано: 23 дек 2024

Комментарии • 17

  • @CloudBeesTV
    @CloudBeesTV  4 года назад

    Timecodes ⏱:
    0:00 Intro
    0:19 Overview
    0:34 environment directive
    1:37 example pipeline
    2:13 String interpolation
    3:56 Interpolation of sensitive environment variables
    5:32 Example pipelines
    8:51 Conclusion
    Information referenced in this video:
    environment directive for declarative pipeline
    www.jenkins.io/doc/book/pipeline/syntax/#environment
    Interpolation of sensitive environment variables
    www.jenkins.io/doc/book/pipeline/jenkinsfile/#interpolation-of-sensitive-environment-variables

  • @BramMertens
    @BramMertens 2 года назад +8

    This is useful for using credentials but I'm hoping you could add another video on using credentials scope (i.e. user/system) and domain. Specifically how to define and use credentials for a single (non-admin) user.

  • @Beokabatuka
    @Beokabatuka 3 года назад +7

    This is a good summary of the basics, but what happens when we want to use parameters or other environment variables within the same shell string? Single quotes resolves the warning message and passes the secrets securely, but it breaks every other type of string interpolation. How can we do both at the same time?

  • @grigorytrenin8430
    @grigorytrenin8430 3 года назад +4

    Even if you use single quotes, a shell will perform variable interpolation and will run curl process with exposed credentials. So you will be able to see them in OS process list even if you use single quotes. So how can single quotes be much more secure? You will see the credentials in OS process list regardless of what kind of quotes you use.

  • @marcm7533
    @marcm7533 3 года назад +1

    Extremely clear and precise!

  • @allanfernandes1982
    @allanfernandes1982 3 года назад +3

    Thank you for the video. Helped me a lot.

  • @prasadkancharlaautomation2874
    @prasadkancharlaautomation2874 3 года назад +2

    Thank you for the video, this helped to understand about each KIND of credentials use, also do you have any video on how to use WITHCREDENTIALS syntax? how & what to use in it.? would be helpful if you can post

  • @ramnarasimha4760
    @ramnarasimha4760 Год назад

    How to pass aws access and secret key in Jenkins pipeline for running aws-describe instance command

  • @niranjanhettiwatte9535
    @niranjanhettiwatte9535 Год назад

    I did not see any difference between the use of single and double quotes. Both were showing ****. Just the warning was missing in the single quote.

  • @ivanudovichenko9439
    @ivanudovichenko9439 2 года назад

    Thank you for sharing!

  • @fatihcamgoz
    @fatihcamgoz 2 года назад

    Great explanation! Liked and subbed.

  • @toniasanzo8509
    @toniasanzo8509 2 года назад

    I think the single-quote pattern was updated from '$CRED' to '%CRED%'

  • @CorporalAdrianShephard
    @CorporalAdrianShephard Год назад

    If the credential has a dollar sign in it? Why it isn't handled?

  • @marcm7533
    @marcm7533 3 года назад

    Thank you very much!

  • @UK-sl8gu
    @UK-sl8gu 3 месяца назад

    agent label linux crashed my pipeline but neverthless adding this label for my built-in-node in nodes fixed it again.

  • @ByronBrummer
    @ByronBrummer Год назад

    Nope, wrong. All you've done is silenced the warning in Jenkins, you haven't changed the actual security posture at all.
    What you did is move variable expansion from Groovy to the shell executing curl, but both forms will still toss the raw credentials to exec() and thus show up bright as day in a ps process listing by any user on the system.
    If you must use curl with basic auth credentials, use a netrc file and make sure you lock down its file permissions properly.

  • @RahulMishra-k5s
    @RahulMishra-k5s 3 месяца назад

    Jenkins is soooo frustrating