My Jenkins master is running Debian 9 with Jenkins 2.208, Git-plugin 4.0.0 and Hashicorp-vault-plugin 3.0.0. My Jenkins agent is running Debian 9 with Swarm-client plugin 3.17. My master is set to 0 executors so that all jobs run on the agent. I have my Bitbucket credentials saved in Jenkins 3 times - "Username with password", "Vault Username-Password Credential" with K/V engine 1 and "Vault Username-Password Credential" with K/V engine 2.
I have a test freestyle job that does nothing except fetch a Git repository from https://bitbucket.org/... If set the job's Git credentials to use the "Username with password" credentials then the agent successfully fetches the repository. If I use either of the "Vault Username-Password Credential" credentials then the agent fails on the command "git fetch --tags --progress ..." with "remote: Invalid username or password"
In a pipeline job with script from SCM, the master is able to fetch the repository with all 3 credential types but the agent can only fetch when using "Username with password" credentials - it is unable to fetch with "Vault Username-Password Credential" credentials.
Bitbucket usernames are email addresses so they contain "@" special character. In Vault I have tried URL encoding the username to "user%40domain.com" but this causes the master to also fail with invalid username.
Submitter notes that an @ sign embedded in the username will cause authentication failures in the git client plugin. Also an issue for the google code repositories since their user names include an @ sign as well.
I was not aware of Bitbucket Cloud supporting a username which includes an @ character. My Bitbucket Cloud account username (used to perform the clone) does not contain an embedded @ character.
I assume the use of an embedded @ character in the username is used on Bitbucket Server and Bitbucket Data Center. I use markewaite as my Bitbucket Cloud username. Bitbucket Cloud knows my google e-mail address and has connected my google e-mail address to my Bitbucket Cloud account.
Can you define a username in Bitbucket server that does not include the @ character in the username?
Are you able to define an app password in Bitbucket Cloud, store that app password in Hashicorp Vault, and use that app password as part of a Vault username / password credential?