First, what is the evidence
1. Introduction credentials
There are many third-party sites and applications that can interact with Jenkins, for example, code repository GitHub so on.
System administrators can configure this type of application credentials in your application to use exclusively for Jenkins. Typically by access controls to these credentials to do the job in order to "lock application functionality Jenkins area available." Once the administrator to add Jenkins in Jenkins in / configure these credentials, Jenkins project with these credentials can be used to interact with third-party applications.
Jenkins saved the credentials can be used to:
- Jenkins is applicable to any place (ie, global certificates).
- Jenkins specific project.
- Jenkins specific user.
2, classification credentials
Jenkins can save the following types of documents:
- Secret text: for example, API Token (eg GitHub personal access token).
- Username with password: refers GitHub login user name and password, may be treated as a separate component, may be used as username: password colon format string dividing process.
- Secret file: the file is actually a secret content.
- SSH Username with private key: that is, using the private key of SSH user name. This is a secret SSH key pair. Public GitHub configuration above, add the private key here.
- Certificate: namely certificates. A PKCS # 12 certificate file and optional password.
- Docker Host Certificate Authentication: That Docker host certificate authentication credentials.
Classification of these documents can be seen in a global credential which:
3, security credentials
To ensure safety, Jenkins Jenkins credentials configured in the master instance encrypted and stored (ID encrypted by Jenkins example), and only processing Pipeline project by their credentials ID.
This minimizes the possibility of an actual certificate itself is exposed to Jenkins user, and limit the function certificate Jenkins copied from one instance to another capacity Jenkins example.
Second, add credentials
We are here to add SSH Username with private key, for example, explain how to add a Jenkins credentials.
In the above mentioned, SSH credentials requires a private key, so we first need to generate SSH Key.
Use the following command can be generated SSH Key:
$ ssh-keygen -t rsa -C "[email protected]"
As shown below:
All options are default, has been to generate a carriage return. After generating the file is generated, as shown below in .ssh folder:
A total of two files are generated:
- id_rsa. This is the private key file.
- id_rsa.pub. This is the public key file, you need to configure to GitHub above.
Log in GitHub, then select "Settings" in the following account:
Then select "SSH and GPG keys":
Then click on "New SSH key", the resulting id_rsa.pub file copy the contents inside come to:
This addition was completed the SSH key.
Jenkins when pulling git project code, if not configured "certificate credentials Credentials" configuration or not, an error message will be shown below:
This time you need to add the certificate credentials Credentials, there are two ways to add a certificate credentials.
1. Add the time of creation
Credentials click on the back of the "Add", select "Jenkins", as shown below:
Then select "SSH Username with private key", as shown below:
Select Private Key, as shown below:
Copy the generated private key to the top here, to play Username a name.
Finally, click "Add" button to complete the add SSH credentials.
Note: This is a copy of the private key in time, all content must take the generated private key file copies which are to come.
Select the certificate you just added in the choice voucher when this time would not be incorrect report:
2, add the voucher inside
We can also add credentials inside
Similarly chose "SSH Username with private key", as shown below:
然后下面的步骤和刚才的就一样了,输入生成的私钥即可。这样就配置好了SSH凭据。