扫码阅读
手机扫码阅读

jenkins凭证管理和规范化实践,看这一篇就够了

528 2024-06-15

我们非常重视原创文章,为尊重知识产权并避免潜在的版权问题,我们在此提供文章的摘要供您初步了解。如果您想要查阅更为详尽的内容,访问作者的公众号页面获取完整文章。

查看原文:jenkins凭证管理和规范化实践,看这一篇就够了
文章来源:
DevOps在路上
扫码关注公众号
Jenkins Credentials Summary

Jenkins Credentials Integration with Third-Party Applications

Jenkins supports interaction with third-party sites and apps like artifact repositories, cloud-based storage systems, and services by adding/configuring credentials in Jenkins, allowing Pipeline projects to interact with these third-party applications.

Credential Types

Jenkins can store different types of credentials including:

  • Secret text like API tokens (e.g., GitHub personal access tokens)
  • Username and password, either as separate fields or as a colon-separated string
  • Secret file containing encrypted content
  • SSH Username with private key
  • Certificate (a PKCS#12 certificate file and an optional password)
  • Docker Host Certificate Authentication credentials

Credential Security

Credentials in Jenkins are stored encrypted on the Jenkins master node and can only be accessed via their credentials ID in a Pipeline project, minimizing the exposure of credentials to users and preventing duplication across instances.

Credential Creation

To create credentials, select the appropriate credential type and provide the required information, such as for "Username and password" or "SSH Username with private key" credentials.

Credential ID Definition

A meaningful Credential ID must be specified in the ID field, e.g., "jenkins-user-for-xyz-artifact-repository". If not specified, Jenkins assigns a globally unique ID. Note that once set, the credential ID cannot be changed.

Credential Usage

Credentials stored in Jenkins can be used globally, by specific Pipeline projects, or by specific Jenkins users. In practice, credentials are used for accessing GitLab, API calls, and creating Jenkins slaves, among others.

Credential Related Plugins

Credential types rely on Jenkins plugins, as does the Jenkins pipeline for code snippet support. Plugins like Credentials Binding and SSH Credentials are necessary to handle various credential functionalities.

Best Practices

It is highly recommended to use a uniform convention for specifying credential IDs for ease of management and usage. A format like "gitlab-api-token" or "harbor-userpwd-pair" should be used for credential IDs, and their purpose should be clearly described. This facilitates reuse and maintenance, as credentials can be defined once and used in multiple places.

想要了解更多内容?

查看原文:jenkins凭证管理和规范化实践,看这一篇就够了
文章来源:
DevOps在路上
扫码关注公众号

专注于团队工程效能,分享DevOps实践的心得体会

41 篇文章
浏览 35.1K
加入社区微信群
与行业大咖零距离交流学习
软件研发质量管理体系建设 白皮书上线