- Jenkins 2.46.2
- credentials:2.1.13 'Credentials Plugin'
- credentials-binding:1.11 'Credentials Binding Plugin'
- workflow-aggregator:2.5 'Pipeline'
- workflow-api:2.12 'Pipeline: API'
- workflow-basic-steps:2.4 'Pipeline: Basic Steps'
- workflow-cps:2.29 'Pipeline: Groovy'
- workflow-cps-checkpoint:2.4 'CloudBees Pipeline: Groovy Checkpoint Plugin'
- workflow-cps-global-lib:2.7 'Pipeline: Shared Groovy Libraries'
- workflow-durable-task-step:2.10 'Pipeline: Nodes and Processes'
- workflow-job:2.10 'Pipeline: Job'
- workflow-multibranch:2.14 'Pipeline: Multibranch'
- workflow-scm-step:2.4 'Pipeline: SCM Step'
- workflow-step-api:2.9 'Pipeline: Step API'
- workflow-support:2.14 'Pipeline: Supporting APIs'
Many organizations use GPG Signing Key and special permissions on Nexus / Artifactory to create releases. For traceability and security, these privileged credentials may be managed as are "per individual/personal credentials", they may not be shared with team members.
For this kind of credentials, we want to use Jenkins User Scoped Credentials in pipeline (withCredentials, git, config-file-provider, ssh-agent...)
When using the authorize project plugin,
- User Scoped Credentials are not found by the "withCredentials" pipeline step.
- Global Credentials overwritten by user scoped credentials are not overwritten when used with the "withCredentials" pipeline step.
- Install the Project Authorize Plugin and configure it "Run as user who triggered the build"
- Create a global credential "global-credentials-intended-to-be-overwritten-at-the-user-scope"
- Create user scoped credentials "global-credentials-intended-to-be-overwritten-at-the-user-scope"
- create a pipeline with "withCredentials" binding 'global-bitbucket-credentials-intended-to-be-overwritten-at-the-user-scope' and writing it in a text file
- run the build, open the text file in the workspace and verify that the global credentials are NOT overwritten
- Create user scoped credentials "my-username-password"
- Create a pipeline with "withCredentials" and the "my-username-password" credentials
- job will fail with "CredentialNotFoundException"