Jenkins: Access global passwords in powershell

powershell jenkins passwords global
user4296485 picture user4296485 · Nov 26, 2014 · Viewed 23.1k times · Source

I am having trouble accessing the jenkins global password as an environment variable in powershell. I have done the following. Not sure what else I am missing.

  1. Installed Credentials Binding Plugin, Environment Injector Plugin, Mask Passwords Plugin, Hudson PowerShell plugin
  2. Created a global password entry within manage credentials as gluser
  3. In my build, I have a powershell call with the build environment defined for inject passwords to the build as environment variables and checked for global passwords.
  4. None of the following get me to reference the global password in my powershell scripts
    $env:gluser
    $gluser

None of them seem to let me access the global password within powershell call from Jenkins. Could someone please help?

Answer

Slav picture Slav · Nov 26, 2014

Don't confuse EnvInject plugin and Credentials Binding plugin. The two do quite different things, however both allow the manage passwords globally, yet differently.

EnvInject way

  • Manage Jenkins -> Configure System
  • Under Global Password
    1. Click Add.
    2. Enter name (of environment variable) and password.
  • Job -> Configure
  • Under Build Environment
    1. check Inject passwords to the build as environment variables.
    2. Check Global passwords.
    3. Check Mask password parameters.

Credentials Binding way

  • Manage Jenkins -> Manage Credentials
    1. Click Add Credentials (without domain).
    2. Select Username with password OR Secret text.
    3. Enter Username and Password OR Secret.
  • Job -> Configure
  • Under Build Environment
    1. Check Use secret text(s) or file(s).
    2. Under Bindings, click Add.
    3. Select Username and password OR Secret text.
    4. Enter Variable name that you want to hold your credentials value.
    5. Select Specific credentials radio button.
    6. Select your configured credentials from the drop-down

In your Powershell

  • Access these as you would any other environment variable:
    $env:VAR_NAME
    where VAR_NAME is the environment variable name (i.e. step 2 from EnvInject way, or step 4 from Credentials Binding way)

Appendix

EnvInject vs Credentials Binding

  • EnvInject passwords will show encrypted in list of environment variables.
  • EnvInject passwords will show starred (*****) in console output.
  • EnvInject passwords use the same variable name as the global configuration, so you have to remember that global variable name.
    |
  • CB passwords are shown plain text in list of environment variables.
  • CB passwords are not starred in console output.
  • CB passwords can be bound to any variable name you want in the job from a dropdown, so you don't have to remember that global variable name.
    |
  • Credentials Binding is really more for biding credential files, like certificates and keys, rather than password values.

Username with Password vs Secret Text.

  • The former is available in the form username:password.
  • The latter is just secret.

Related questions

How to run a PowerShell script as a job in Jenkins

This sounds like a simple question, but I haven't been able to work it out after looking online. I basically want to execute a PowerShell script (e.g. script.ps1) in Jenkins and report success/failure. Try 1: Run following as "…

Read More
Jenkins powershell plugin always builds successfully

I'm using Jenkins PowerShell plugin to build a project. However, I found that Jenkins always considers my build successful no matter what I type inside Windows PowerShell command. Here's an example: As you can see, asdf isn't a legal command. …

Read More
How do I execute a PS1 file as a different user?

I need to be able to run a PowerShell script remotely (via Jenkins) as a different user. Since it will be executed as a Jenkins job, Get-Credential is not an option for me. Below is the script I have created …

Read More