patternMinor
Jenkins: make a credential available to all users
Viewed 0 times
availablealljenkinscredentialmakeusers
Problem
I'd like to allow all of our organization's users to create new pipelines in Jenkins, via Blue Ocean...
This requires a Github access token, meaning I have to either require each user to use their own access token, or share the contents of an access token with all users.
The first option seems inconvenient. The second option is a security risk, and we'd have to change our token any time someone left the organization.
I was hoping to find a way to add a credential to Jenkins and scope it so that all users have access to it, so the above New Pipeline flow would use that cred rather than querying the user to input a token.
I created a token with Global (rather than System) scope, but new users are still asked to input a token when they go to add a pipeline.
Is there a good solution for this? Do most organizations rely on individual developers to use their personal access tokens?
This requires a Github access token, meaning I have to either require each user to use their own access token, or share the contents of an access token with all users.
The first option seems inconvenient. The second option is a security risk, and we'd have to change our token any time someone left the organization.
I was hoping to find a way to add a credential to Jenkins and scope it so that all users have access to it, so the above New Pipeline flow would use that cred rather than querying the user to input a token.
I created a token with Global (rather than System) scope, but new users are still asked to input a token when they go to add a pipeline.
Is there a good solution for this? Do most organizations rely on individual developers to use their personal access tokens?
Solution
I was a little confused by the OP question and follow up, so answering about GitHub access to jenkinsfile-based pipeline jobs:
Credentials stored in Jenkins can be available to all users with rights to create jobs. Use a GitHub deployment key for your repo. Yes you need a key for every repo. This does require a user in Github, of course, but there is nothing to stop you from paying for an extra so-called 'machine user.' We, however, just use a real person like me.
This GitHub deploy key allows you to trigger on repo changes, or keep your jenkinsfile in Github. Using jenkinsfiles and keeping them in GitHub, is the best way to do Jenkins, I think.
Credentials stored in Jenkins can be available to all users with rights to create jobs. Use a GitHub deployment key for your repo. Yes you need a key for every repo. This does require a user in Github, of course, but there is nothing to stop you from paying for an extra so-called 'machine user.' We, however, just use a real person like me.
This GitHub deploy key allows you to trigger on repo changes, or keep your jenkinsfile in Github. Using jenkinsfiles and keeping them in GitHub, is the best way to do Jenkins, I think.
Context
StackExchange DevOps Q#4290, answer score: 1
Revisions (0)
No revisions yet.