Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-72212

DPAPI credential store (on Windows) leads to "fatal: Cannot prompt because user interactivity has been disabled."

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • Windows agent connected to via SSH

      Due to known incompatibility between SSH connectivity to agents and the Windows Credentials Manager (wincredman) – see https://github.com/git-ecosystem/git-credential-manager/blob/main/docs/credstores.md#windows-credential-manager – I attempted to switch to using the DPAPI credential store as recommended. However, that results in this error when using withCredentials with a gitUsernamePassword username+password credential specified:

      fatal: Cannot prompt because user interactivity has been disabled.
      

      I've been able to use this same credential successfully with this same approach on Linux agents (also connected via SSH) with their default Git credential store on Linux (which is neither wincredman nor DPAPI), so am assuming it's not an issue with the credential itself.

      Is this error a bug/incompatibility between the Credentials Binding plugin and the use of DPAPI? I got the same error in attempting to use the "plaintext" credential store as well.

          [JENKINS-72212] DPAPI credential store (on Windows) leads to "fatal: Cannot prompt because user interactivity has been disabled."

          Mark Waite added a comment -

          I'm not aware of anyone testing the Windows DPAPI credential store with Jenkins credentials binding plugin. I know that I have not tested it with the git plugin and don't have any plans to test it with the git plugin.

          Mark Waite added a comment - I'm not aware of anyone testing the Windows DPAPI credential store with Jenkins credentials binding plugin. I know that I have not tested it with the git plugin and don't have any plans to test it with the git plugin.

          Nick Jones added a comment -

          That’s fair. I do intend to switch these builds to a Linux agent once I can work out the other dependencies, so this problem will solve itself that way.

          It was interesting to note that the plaintext option (cross-platform) exhibits the same behavior, although I have no intent to use that due to its security issues.

          Nick Jones added a comment - That’s fair. I do intend to switch these builds to a Linux agent once I can work out the other dependencies, so this problem will solve itself that way. It was interesting to note that the plaintext option (cross-platform) exhibits the same behavior, although I have no intent to use that due to its security issues.

            Unassigned Unassigned
            medianick Nick Jones
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: