Jenkins Credential Management and Standardization in Practice: This One Article Is All You Need

72 2024-06-15
Jenkins Credentials Summary

Jenkins Credentials Integration with Third-Party Applications

Jenkins can interact with third-party sites and applications, such as artifact repositories and cloud-based storage systems and services. Credentials for them are added and configured in Jenkins so that Pipeline projects can interact with these third-party applications.

Credential Types

Jenkins can store different types of credentials including:

  • Secret text like API tokens (e.g., GitHub personal access tokens)
  • Username and password, either as separate fields or as a colon-separated string
  • Secret file containing encrypted content
  • SSH Username with private key
  • Certificate (a PKCS#12 certificate file and an optional password)
  • Docker Host Certificate Authentication credentials

Credential Security

Credentials in Jenkins are stored encrypted on the Jenkins master node and can only be accessed in a Pipeline project via their credential ID. This minimizes the exposure of the credentials themselves to users and prevents working credentials from being copied from one instance to another.

Credential Creation

To create a credential, select the appropriate credential type, for example "Username and password" or "SSH Username with private key", and provide the information that type requires.

Credential ID Definition

Specify a meaningful credential ID in the ID field, e.g., "jenkins-user-for-xyz-artifact-repository". If none is specified, Jenkins assigns a globally unique ID. Note that once set, the credential ID cannot be changed.

Credential Usage

Credentials stored in Jenkins can be used globally, by specific Pipeline projects, or by specific Jenkins users. In practice, credentials are used for accessing GitLab, API calls, and creating Jenkins slaves, among others.

Credential Related Plugins

The available credential types depend on Jenkins plugins, and so does Pipeline code snippet support for them. Plugins like Credentials Binding and SSH Credentials are necessary to handle the various credential functions.

Best Practices

It is highly recommended to use a uniform convention for specifying credential IDs for ease of management and usage. A format like "gitlab-api-token" or "harbor-userpwd-pair" should be used for credential IDs, and their purpose should be clearly described. This facilitates reuse and maintenance, as credentials can be defined once and used in multiple places.
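
The following Jenkinsfile is an added example, not code from the original article. It shows credentials being referenced only by the conventionally named IDs above, through the Credentials Binding plugin. It assumes that a "Secret text" credential with ID gitlab-api-token and a "Username and password" credential with ID harbor-userpwd-pair already exist; the hostnames and the image name are placeholders.

```groovy
// Added example: declarative Pipeline using the Credentials Binding plugin.
// Assumed: credential IDs 'gitlab-api-token' (Secret text) and
// 'harbor-userpwd-pair' (Username and password); hostnames are placeholders.
pipeline {
    agent any
    stages {
        stage('Query GitLab API') {
            steps {
                withCredentials([string(credentialsId: 'gitlab-api-token',
                                        variable: 'GITLAB_TOKEN')]) {
                    // Single-quoted Groovy string: the shell, not Groovy, expands
                    // $GITLAB_TOKEN, so the secret is never interpolated into the
                    // script text. curl reads the header from stdin (-K -), which
                    // keeps the token out of the process argument list.
                    // '\\n' is a Groovy escape that reaches the shell as '\n'.
                    sh '''
                        printf 'header = "PRIVATE-TOKEN: %s"\\n' "$GITLAB_TOKEN" |
                          curl --silent --fail -K - https://gitlab.example.com/api/v4/projects
                    '''
                }
            }
        }
        stage('Push image to Harbor') {
            steps {
                withCredentials([usernamePassword(credentialsId: 'harbor-userpwd-pair',
                                                  usernameVariable: 'HARBOR_USER',
                                                  passwordVariable: 'HARBOR_PASS')]) {
                    // The password is piped to docker login instead of being
                    // passed with --password on the command line.
                    sh '''
                        printf '%s' "$HARBOR_PASS" |
                          docker login harbor.example.com --username "$HARBOR_USER" --password-stdin
                        docker push harbor.example.com/demo/app:latest
                    '''
                }
            }
        }
    }
    post {
        always {
            // Remove the stored registry login from the agent after the build.
            sh 'docker logout harbor.example.com || true'
        }
    }
}
```

The bound variables exist only inside each withCredentials block, and Jenkins masks their values in the console log; that masking is best-effort, so the build should still avoid echoing or transforming the secrets.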