Allows credentials to be bound to environment variables for use from miscellaneous build steps.
View Credentials Binding on the plugin site for more information.
Older versions of this plugin may not be safe to use. Please review the following warnings before using an older version:
To use, first go to the Credentials link and add items of type Secret file and/or Secret text. Now in a freestyle job, check the box Use secret text(s) or file(s) and add some variable bindings which will use your credentials. The resulting environment variables can be accessed from shell script build steps and so on. (You probably want to start any shell script with
set +x, or batch script with
@echo off. JENKINS-14731).
For more details of how this works, check the Injecting Secrets into Jenkins Build Jobs article at CloudBees.
From a Pipeline job, define your credentials, then check Snippet Generator for a syntax example of the
withCredentials step. Any secrets in the build log will be masked automatically.
A typical example of a username password type credential (example from here) would look like:
Version 1.19 (2019-05-31)
- JENKINS-42950 - credentials-binding-plugin not masking secret text when it includes a single quote Resolved Expanded secret masking to include some variants commonly produced by shells when metacharacters are involved.
Version 1.18 (2019-02-25)
- JENKINS-42950 - credentials-binding-plugin not masking secret text when it includes a single quote Resolved Better documentation about limitations and best practices.
- JENKINS-49337 - GeneralNonBlockingStepExecution (was: InterruptedException from step tail call) Closed Avoiding blocking the Pipeline interpreter during block cleanup even if Remoting hangs.
- Avoid printing a stack trace when a
credentialsIdis not found.
Version 1.17 (2018-10-29)
- Improved stream flush behavior in light of JEP-210.
Version 1.16 (Mar 19, 2018)
- JENKINS-49535 - Error message of missing credentials entry not meaningful to end user Resolved
- Improving help text in light of JENKINS-50242 - withCredentials step masking easily bypassed Resolved .
Version 1.15 (Feb 05, 2018)
Version 1.14 (Jan 17, 2018)
- JENKINS-37871 - Credentials-binding plugin is executed after pre-release build steps of release-plugin Resolved Adjusted order of freestyle build wrapper relative to other wrappers.
Fix PCT errors for missing dependency
Metadata fixes useful for
Version 1.13 (Aug 08, 2017)
JENKINS-28399 Binding type for SSH user private key credentials.
JENKINS-41760 Corrupted output when no credentials were specified, or a supposed secret was in fact blank.
JENKINS-43199 File descriptor leak when using build wrapper.
Version 1.12 (Jun 15, 2017)
- Binding type for certificate credentials.
- New APIs
Version 1.11 (Mar 30, 2017)
- JENKINS-42999 Allow non-file-based credentials to be used from
- Japanese localization.
Version 1.10 (Nov 07, 2016)
- JENKINS-24805 Mask passwords in freestyle builds, not just in Pipeline builds.
- Masking did not work correctly if some secrets were a substring of others.
- JENKINS-38831 Track credentials usage.
- Adding symbols to binding types for better readability in Pipeline (and probably also Job DSL).
Version 1.9 (Aug 19, 2016)
- JENKINS-37541 prevent NPE while reading back SecretBuildWrapper
- Migrate to new parent pom
Version 1.8 (Jun 10, 2016)
Version 1.7 (Mar 03, 2016)
- JENKINS-32943/JENKINS-27152 Use a standardized temporary directory understood by Docker Pipeline.
- JENKINS-27387 Failure to generate snippet in a Pipeline configuration page.
Version 1.6 (Oct 16, 2015)
- JENKINS-30941 Fixed regression in 1.5 affecting ZIP file bindings.
- Resource leak potentially affecting ZIP file bindings.
- JENKINS-30326 updated dependency on credentials plugin to 1.23
Version 1.5 (Aug 06, 2015)
- JENKINS-29255 Set restrictive file permission on Secret File binding, to make it easier to use an SSH private key this way.
Version 1.4 (Apr 01, 2015)
- Updated to Jenkins 1.596.1 and Workflow 1.5.
withCredentialsstep should mask any passwords accidentally printed to the log.
withCredentialsstep should not store passwords even temporarily in
program.datin the build directory.
withCredentialsstep was exposing variables to external processes but not to Groovy code using
- Improved help for
- Improved error diagnostics for
Version 1.3 (Jan 20, 2015)
- JENKINS-26051 Added
withCredentialsWorkflow step. Blog
- JENKINS-23468 Allowed username & password to be bound to separate variables.
- SPI changes to permit the above two features.
Version 1.2 (Oct 07, 2014)
- SECURITY-158 fix.
Version 1.1 (Aug 11, 2014)
- Add support for parameterized credentials (from credentials plugin 1.16.1)
Version 1.0 (Jun 16, 2014)
First general release.
- Supporting username/password credentials.
- Marking added environment variables as “sensitive”, so other code showing them should display the values masked.
Version 1.0 beta 1 (Oct 01, 2013)
- Factored out from Plain Credentials Plugin.