Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-60440

Invalid git username/password on Jenkins agent when using Vault Username-Password Credential with '@' in username


    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • VM host: Windows 10 1909 running Docker Desktop Community 19.03.5
      Jenkins master: Docker image jenkins/jenkins:latest
      Jenkins agent: Docker image openjdk:8-stretch + Swarm-Client 3.17 plugin
      Hashicorp Vault: Docker image vault:latest

      My Jenkins master is running Debian 9 with Jenkins 2.208, Git-plugin 4.0.0 and Hashicorp-vault-plugin 3.0.0. My Jenkins agent is running Debian 9 with Swarm-client plugin 3.17. My master is set to 0 executors so that all jobs run on the agent. I have my Bitbucket credentials saved in Jenkins 3 times - "Username with password", "Vault Username-Password Credential" with K/V engine 1 and "Vault Username-Password Credential" with K/V engine 2.

      I have a test freestyle job that does nothing except fetch a Git repository from https://bitbucket.org/... If set the job's Git credentials to use the "Username with password" credentials then the agent successfully fetches the repository. If I use either of the "Vault Username-Password Credential" credentials then the agent fails on the command "git fetch --tags --progress ..." with "remote: Invalid username or password"

      In a pipeline job with script from SCM, the master is able to fetch the repository with all 3 credential types but the agent can only fetch when using "Username with password" credentials - it is unable to fetch with "Vault Username-Password Credential" credentials.

      Bitbucket usernames are email addresses so they contain "@" special character. In Vault I have tried URL encoding the username to "user%40domain.com" but this causes the master to also fail with invalid username.

            Unassigned Unassigned
            elgordo Gordon Li
            2 Vote for this issue
            5 Start watching this issue