How to manage credentials in Jenkins?

· Category: DevOps & CI/CD

Short answer

Jenkins credentials store sensitive data such as passwords, tokens, and SSH keys. They are scoped to the system, a folder, or a specific job and are injected into pipelines securely.

Steps

  1. Go to Manage Jenkins > Credentials.
  2. Add a new credential of type Secret text, Username with password, or SSH key.
  3. Reference it in a pipeline with withCredentials.

Example

pipeline {
    agent any
    stages {
        stage('Deploy') {
            steps {
                withCredentials([string(credentialsId: 'API_KEY', variable: 'KEY')]) {
                    sh './deploy.sh'
                }
            }
        }
    }
}

Tips

  • Use the Credentials Binding plugin for flexible injection.
  • Scope credentials as narrowly as possible.
  • Rotate credentials regularly.

Common issues

  • Credentials referenced by ID must exist.
  • Pipeline logs mask credential values but adjacent output may leak them.
  • Folders do not inherit credentials from parent folders by default.