snippetMinor
How to make Jenkinsfile credential visible to many stages
Viewed 0 times
visiblecredentialmakestagesjenkinsfilemanyhow
Problem
In Jenkinsfile, I want to make an
From the official document, I learned that:
For other types of credentials, the document suggests using the
Example of an ssh key step
This is meant to be used in a stage like:
Snippet source
Question
ssh key visible to all stages in the pipeline.From the official document, I learned that:
environmentdirective is used to defy environment variables for used within Jenkinsfile
- The scope of the variables defined depends on the placement of the
environmentdirective
- One can set the some types of credentials inside
environmentdirective with the help of thecredentialshelper
- The types of credentials supported by the helper are:
- Secret text
- Usernames and passwords
- Secret files
For other types of credentials, the document suggests using the
snippet generator, which generates a step.Example of an ssh key step
withCredentials([sshUserPrivateKey(credentialsId: 'jenkins_aws_to_bitbucket', keyFileVariable: 'BITBUCKET_PRV_KEY')]) {
// some block
}This is meant to be used in a stage like:
pipeline {
agent {
// define agent details
}
stages {
stage('Example stage 1') {
steps {
withCredentials(bindings: [sshUserPrivateKey(credentialsId: 'jenkins-ssh-key-for-abc', \
keyFileVariable: 'SSH_KEY_FOR_ABC')]) {
//
}
withCredentials(bindings: [certificate(credentialsId: 'jenkins-certificate-for-xyz', \
keystoreVariable: 'CERTIFICATE_FOR_XYZ', \
passwordVariable: 'XYZ-CERTIFICATE-PASSWORD')]) {
//
}
}
}
stage('Example stage 2') {
steps {
//
}
}
}
}Snippet source
Question
- If the steps are within a stage, are these credentials visible within other stages?
- If not, how to make these credentials global ~ visible within all stages
Solution
The credentials will only be visible within the block passed to
-
If you are using Declarative Pipelines, you can put your credentials in an
-
If you use Scripted Pipelines, you can wrap your entire job in
withCredentials, not outside of that. So, no, your credentials will not be visible to other stages. To make your credentials visible to your entire Pipeline:-
If you are using Declarative Pipelines, you can put your credentials in an
environment{} block at the top of your Pipeline, as documented in the official Jenkins handbook:pipeline {
agent {
// Your agent here
}
environment {
MY_ENVIRONMENT_VARIABLE = credentials('my-credentials-id')
}
stages {
// Your stages here
}
}-
If you use Scripted Pipelines, you can wrap your entire job in
withCredentials. This is not possible with Declarative.Code Snippets
pipeline {
agent {
// Your agent here
}
environment {
MY_ENVIRONMENT_VARIABLE = credentials('my-credentials-id')
}
stages {
// Your stages here
}
}Context
StackExchange DevOps Q#5279, answer score: 8
Revisions (0)
No revisions yet.