CodeMed
Reputation: 9181
Use credentials to make API calls from a Jenkinsfile
What is a secure way to use credentials to make REST API calls from a Jenkinsfile?
For example, the following would not be secure because the username and password are exposed in code:
sh "curl -D- -u username:password -X GET -H 'Content-Type: application/json' http://<ip-of-server-with-rest-api>/path/to/api/endpoint"
Upvotes: 1
Views: 3434
Answers (1)
Mikhail Naletov
Reputation: 285
You should use Credentials Binding Plugin
Here is an example:
withCredentials([usernamePassword(credentialsId: 'amazon',
usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
// available as an env variable, but will be masked if you try to print it
out any which way
// note: single quotes prevent Groovy interpolation; expansion is by
Bourne Shell, which is what you want
sh 'echo $PASSWORD'
// also available as a Groovy variable
echo USERNAME
// or inside double quotes for string interpolation
echo "username is $USERNAME"
sh "curl -D- -u $USERNAME:$PASSWORD -X GET -H 'Content-Type: application/json' http://<ip-of-server-with-rest-api>/path/to/api/endpoint"
}
Your credentials will be hidden in Console Output.
Upvotes: 3
Related Questions
- Jenkinsfile access aws credentials
- what can I do on Jenkinsfile to get credentials?
- How to import jenkins credentials into a jenkinsfile?
- How can a Jenkins user authentication details be "passed" to a script which uses Jenkins API to create jobs?
- Upload secret file credentials to Jenkins with REST / CLI
- Using Jenkins global credentials in a pipeline (Jenkinsfile)
- How to invoke Jenkins credentials in a jenkins scripted pipeline (not declarative)
- Jenkins pipeline - use same location and credentials as Jenkinsfile definition
- How can I add a credential to a pipeline job?
- How to pass through Jenkins credentials?