HiveBrain v1.2.0
Get Started
← Back to all entries
snippetMinor

How to make Jenkinsfile credential visible to many stages

Submitted by: @import:stackexchange-devops··
0
Viewed 0 times
visiblecredentialmakestagesjenkinsfilemanyhow

Problem

In Jenkinsfile, I want to make an ssh key visible to all stages in the pipeline.

From the official document, I learned that:

  • environment directive is used to defy environment variables for used within Jenkinsfile



  • The scope of the variables defined depends on the placement of the environment directive



  • One can set the some types of credentials insideenvironment directive with the help of the credentials helper



  • The types of credentials supported by the helper are:



  • Secret text



  • Usernames and passwords



  • Secret files



For other types of credentials, the document suggests using the snippet generator, which generates a step.

Example of an ssh key step

withCredentials([sshUserPrivateKey(credentialsId: 'jenkins_aws_to_bitbucket', keyFileVariable: 'BITBUCKET_PRV_KEY')]) {
    // some block
}


This is meant to be used in a stage like:

pipeline {
    agent {
        // define agent details
    }
    stages {
        stage('Example stage 1') {
            steps {
                withCredentials(bindings: [sshUserPrivateKey(credentialsId: 'jenkins-ssh-key-for-abc', \
                                                             keyFileVariable: 'SSH_KEY_FOR_ABC')]) {
                  // 
                }
                withCredentials(bindings: [certificate(credentialsId: 'jenkins-certificate-for-xyz', \
                                                       keystoreVariable: 'CERTIFICATE_FOR_XYZ', \
                                                       passwordVariable: 'XYZ-CERTIFICATE-PASSWORD')]) {
                  // 
                }
            }
        }
        stage('Example stage 2') {
            steps {
                // 
            }
        }
    }
}


Snippet source

Question

  • If the steps are within a stage, are these credentials visible within other stages?



  • If not, how to make these credentials global ~ visible within all stages

Solution

The credentials will only be visible within the block passed to withCredentials, not outside of that. So, no, your credentials will not be visible to other stages. To make your credentials visible to your entire Pipeline:

-
If you are using Declarative Pipelines, you can put your credentials in an environment{} block at the top of your Pipeline, as documented in the official Jenkins handbook:

pipeline {
    agent {
        // Your agent here
    }
    environment {
        MY_ENVIRONMENT_VARIABLE = credentials('my-credentials-id')
    }
    stages {
        // Your stages here
    }
}


-
If you use Scripted Pipelines, you can wrap your entire job in withCredentials. This is not possible with Declarative.

Code Snippets

pipeline {
    agent {
        // Your agent here
    }
    environment {
        MY_ENVIRONMENT_VARIABLE = credentials('my-credentials-id')
    }
    stages {
        // Your stages here
    }
}

Context

StackExchange DevOps Q#5279, answer score: 8

Revisions (0)

No revisions yet.