I have found a way to access the credentials store in Jenkins:

def getPassword = { username -> def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials.class, jenkins.model.Jenkins.instance ) def c = creds.findResult { it.username == username ? it : null } if ( c ) { println "found credential ${c.id} for username ${c.username}" def credentials_store = jenkins.model.Jenkins.instance.getExtensionList( 'com.cloudbees.plugins.credentials.SystemCredentialsProvider' )[0].getStore() println "result: " + credentials_store } else { println "could not find credential for ${username}" } } getPassword("XYZ") 

But now i would like to get the password for the appropriate user which i can't do...

I always get unknown method etc. if i try to access passord etc.

The reason for doing this is to use this user/password to call git and extract information from repository..

I always get something like this:

result: com.cloudbees.plugins.credentials.SystemCredentialsProvider$StoreImpl@1639eab2 

Update

After experimenting more (and the hint of Jeanne Boyarsky) with it i found that i was thinking to compilcated. The following already gives me the password for the user:

def getUserPassword = { username -> def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials.class, jenkins.model.Jenkins.instance ) def c = creds.findResult { it.username == username ? it : null } if ( c ) { return c.password } else { println "could not find credential for ${username}" } } 

Furthermore by using the following snippet you can iterate over the whole credentials store:

def credentials_store = jenkins.model.Jenkins.instance.getExtensionList( 'com.cloudbees.plugins.credentials.SystemCredentialsProvider' ) println "credentials_store: ${credentials_store}" println " Description: ${credentials_store.description}" println " Target: ${credentials_store.target}" credentials_store.each { println "credentials_store.each: ${it}" } credentials_store[0].credentials.each { it -> println "credentials: -> ${it}" if (it instanceof com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl) { println "XXX: username: ${it.username} password: ${it.password} description: ${it.description}" } } 

And you will get an output like this:

[(master)]: credentials_store: [com.cloudbees.plugins.credentials.SystemCredentialsProvider@5a2822be] Description: [The descriptions...] Target: [com.cloudbees.plugins.credentials.SystemCredentialsProvider@5a2822be] credentials_store.each: com.cloudbees.plugins.credentials.SystemCredentialsProvider@5a2822be credentials: -> com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey@38357ca1 credentials: -> com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey@47cf7703 credentials: -> com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl@739abac5 XXX: username: User1 password: Password description: The description of the user. credentials: -> com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl@884a53e6 XXX: username: User2 password: Password1 description: The description of the user1. Result: [com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey@38357ca1, com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey@47cf7703, com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl@739abac5, com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl@884a53e6] 

So by using the appropriate class in the instanceof clause you can select what you need.

4 Answers

This works. It gets the credentials rather than the store.

I didn't write any error handling so it blows up if you don't have a credentials object set up (or probably if you have two). That part is easy to add though. The tricky part is getting the right APIs!

def getPassword = { username -> def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials.class, jenkins.model.Jenkins.instance ) def c = creds.findResult { it.username == username ? it : null } if ( c ) { println "found credential ${c.id} for username ${c.username}" def systemCredentialsProvider = jenkins.model.Jenkins.instance.getExtensionList( 'com.cloudbees.plugins.credentials.SystemCredentialsProvider' ).first() def password = systemCredentialsProvider.credentials.first().password println password } else { println "could not find credential for ${username}" } } getPassword("jeanne") 
4

The official solution n the jenkins wiki

Printing a list of all the credentials in the system and their IDs.

def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials( com.cloudbees.plugins.credentials.Credentials.class, Jenkins.instance, null, null ); for (c in creds) { println(c.id + ": " + c.description) } 
3

If you just want to retrieve the credentials for a given credentials ID, the simplest way is to use the withCredentials pipeline step to bind credentials to variables.

withCredentials([usernamePassword( credentialsId: 'myCredentials', usernameVariable: 'MYUSER', passwordVariable: 'MYPWD' )]) { echo "User: $MYUSER, Pwd: $MYPWD" } 
4

One liner to get the value of a credential

Assuming...

def CREDENTIAL_ID = "<key_credential_id" 

One liner to get a private key credential:

See ssh credentials implementations for methods to extract values

def PRIVATE_KEY = com.cloudbees.plugins.credentials.SystemCredentialsProvider.getInstance().getStore().getCredentials(com.cloudbees.plugins.credentials.domains.Domain.global()).find { it.getId().equals(CREDENTIAL_ID) }.getPrivateKey() 

One liner to get a username/password credentials:

See username password credentials implementations for methods to extract values

def PASSWORD = com.cloudbees.plugins.credentials.SystemCredentialsProvider.getInstance().getStore().getCredentials(com.cloudbees.plugins.credentials.domains.Domain.global()).find { it.getId().equals(CREDENTIAL_ID) }.getPassword() 
def USERNAME = com.cloudbees.plugins.credentials.SystemCredentialsProvider.getInstance().getStore().getCredentials(com.cloudbees.plugins.credentials.domains.Domain.global()).find { it.getId().equals(CREDENTIAL_ID) }.getUsername() 

One liner to get a string credential:

See plain credentials implementation for methods to extract values

def SECRET = com.cloudbees.plugins.credentials.SystemCredentialsProvider.getInstance().getStore().getCredentials(com.cloudbees.plugins.credentials.domains.Domain.global()).find { it.getId().equals(CREDENTIAL_ID) }.getSecret().getPlainText() 

This allows you to do things like injecting credentials into a docker agent:

def CREDENTIAL_ID = "<key_credential_id" def SECRET = com.cloudbees.plugins.credentials.SystemCredentialsProvider.getInstance().getStore().getCredentials(com.cloudbees.plugins.credentials.domains.Domain.global()).find { it.getId().equals(CREDENTIAL_ID) }.getSecret().getPlainText() pipeline { agent { dockerfile { filename "build/Jenkins.Dockerfile" additionalBuildArgs "--build-arg SECRET=${SECRET}" } } ... } 

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.