Skip to end of metadata
Go to start of metadata

Plugin Information

View Google OAuth Credentials on the plugin site for more information.

Google OAuth Credentials Plugin

This plugin implements the OAuth Credentials interfaces for surfacing Google Service Accounts to Jenkins.

This plugin allows for the registration of Google Service Account Credentials with the Jenkins master, which can be used to interact with Google APIs.

This plugin surfaces two Credential types for generating OAuth credentials for a Google service account:

  1. [Google Service Account from private key] use this option with the private key for your Google service account.  See our embedded help section for details on how/where this is obtained, or here.
    • You can create service accounts via the Google Developers Console, under APIs & auth → Credentials → Create new Client ID → Service account
    • The downloaded P12 key and the service account email address can then be used when adding the credential to Jenkins; or if you created a new JSON key, you can use that instead
  2. [Google Service Account from metadata] use this option for obtaining the service account information from Google Compute Engine metadata.  This option is only available when the Jenkins master is run on a Google Compute Engine VM. 

Private Key Credentials

Credentials generated from a private key provide uninhibited access to your project as the robot, so we also surface the necessary Domain specification functionality to restrict the scopes for which such a credential may be used by plugins.

For example, if you only want this service account to be used for “Google Drive”, but there are plugins that might use “Google Calendar”, we want this credential to show up as an option for the former, but not the latter.

An example of a private key restricted for use with Google Cloud Storage.

NOTE: As new plugins are installed, which bring in new OAuth scopes, this domain restriction allows those new scopes to be opt-in vs. opt-out.

Metadata Credentials

Credentials obtained via Google Compute Engine metadata are inherently limited to the scopes to which you bound the VM when it was provisioned.  You will see this set of scopes listed alongside the credential.

For an example of how to consume these credentials, please see our Google Cloud Storage plugin.

Version History

Version 0.3 (October 4, 2014)

  • Support upload of private key formats from the new Google Developers Console
    • Thanks to David Hamm
  • Note that existing keys will be migrated automatically after installing this plugin
    • Any failures will be reported to the Jenkins log

Version 0.2 (July 15, 2014)

  • Altered retry behaviour to try and resolve intermittent socket timeouts with Google Cloud Storage

Version 0.1 (March 18, 2014)

  • Initial release