-
Bug
-
Resolution: Not A Defect
-
Minor
-
None
-
k3s kb8s on ubuntu 24.04:
jenkins:latest lts jdk17:
plugins:
kubernetes-credentials:latest
kubernetes-credentials-provider:latest
kubernetes-client-api:latest
configuration-as-code:latest
groovy:latest
workflow-cps-global-lib:latest
prism-api:latest
ivy:latest
active-directory:latest
ant:latest
antisamy-markup-formatter:latest
apache-httpcomponents-client-4-api:latest
apache-httpcomponents-client-5-api:latest
asm-api:latest
authentication-tokens:latest
authorize-project:latest
blueocean-autofavorite:latest
blueocean-bitbucket-pipeline:latest
blueocean-commons:latest
blueocean-config:latest
blueocean-core-js:latest
blueocean-dashboard:latest
blueocean-display-url:latest
blueocean-events:latest
blueocean-git-pipeline:latest
blueocean-github-pipeline:latest
blueocean-i18n:latest
blueocean-jira:latest
blueocean-jwt:latest
blueocean-personalization:latest
blueocean-pipeline-api-impl:latest
blueocean-pipeline-editor:latest
blueocean-pipeline-scm-api:latest
blueocean-rest-impl:latest
blueocean-rest:latest
blueocean-web:latest
blueocean:latest
bootstrap5-api:latest
bouncycastle-api:latest
branch-api:latest
bruceschneier:latest
build-failure-analyzer:latest
buildtriggerbadge:latest
caffeine-api:latest
checks-api:latest
cloudbees-bitbucket-branch-source:latest
cloudbees-folder:latest
command-launcher:latest
commons-compress-api:latest
commons-lang3-api:latest
commons-text-api:latest
conditional-buildstep:latest
config-file-provider:latest
credentials-binding:latest
credentials:latest
dark-theme:latest
dashboard-view:latest
display-url-api:latest
docker-commons:latest
docker-java-api:latest
durable-task:latest
echarts-api:latest
eddsa-api:latest
envinject-api:latest
envinject:latest
email-ext:latest
prometheus:latest
favorite:latest
font-awesome-api:latest
generic-webhook-trigger:latest
git-client:latest
git-server:latest
git:latest
github-api:latest
github-branch-source:latest
github:latest
gson-api:latest
handy-uri-templates-2-api:latest
htmlpublisher:latest
http_request:latest
instance-identity:latest
instant-messaging:latest
ionicons-api:latest
jabber:latest
jackson2-api:latest
jakarta-activation-api:latest
jakarta-mail-api:latest
javadoc:latest
javax-activation-api:latest
javax-mail-api:latest
jaxb:latest
jdk-tool:latest
jenkins-design-language:latest
jersey2-api:latest
jira:latest
jjwt-api:latest
job-dsl:latest
jobConfigHistory:latest
joda-time-api:latest
jquery3-api:latest
jsch:latest
json-api:latest
json-path-api:latest
jsoup:latest
junit:latest
ldap:latest
login-theme:latest
mailer:latest
managed-scripts:latest
mapdb-api:latest
material-theme:latest
matrix-auth:latest
matrix-project:latest
maven-plugin:latest
metrics:latest
mina-sshd-api-common:latest
mina-sshd-api-core:latest
monitoring:latest
okhttp-api:latest
oss-symbols-api:latest
pipeline-build-step:latest
pipeline-graph-analysis:latest
pipeline-groovy-lib:latest
pipeline-input-step:latest
pipeline-milestone-step:latest
pipeline-model-api:latest
pipeline-model-definition:latest
pipeline-model-extensions:latest
pipeline-rest-api:latest
pipeline-stage-step:latest
pipeline-stage-tags-metadata:latest
pipeline-stage-view:latest
pipeline-utility-steps:latest
plain-credentials:latest
plugin-usage-plugin:latest
plugin-util-api:latest
project-stats-plugin:latest
pubsub-light:latest
resource-disposer:latest
run-condition:latest
scm-api:latest
script-security:latest
slack:latest
snakeyaml-api:latest
sse-gateway:latest
ssh-agent:latest
ssh-credentials:latest
ssh-slaves:latest
sshd:latest
structs:latest
subversion:latest
support-core:latest
theme-manager:latest
thinBackup:latest
token-macro:latest
trilead-api:latest
variant:latest
workflow-aggregator:latest
workflow-api:latest
workflow-basic-steps:latest
workflow-cps:latest
workflow-durable-task-step:latest
workflow-job:latest
workflow-multibranch:latest
workflow-scm-step:latest
workflow-step-api:latest
workflow-support:latest
ws-cleanup:latestk3s kb8s on ubuntu 24.04: jenkins:latest lts jdk17: plugins: kubernetes-credentials:latest kubernetes-credentials-provider:latest kubernetes-client-api:latest configuration-as-code:latest groovy:latest workflow-cps-global-lib:latest prism-api:latest ivy:latest active-directory:latest ant:latest antisamy-markup-formatter:latest apache-httpcomponents-client-4-api:latest apache-httpcomponents-client-5-api:latest asm-api:latest authentication-tokens:latest authorize-project:latest blueocean-autofavorite:latest blueocean-bitbucket-pipeline:latest blueocean-commons:latest blueocean-config:latest blueocean-core-js:latest blueocean-dashboard:latest blueocean-display-url:latest blueocean-events:latest blueocean-git-pipeline:latest blueocean-github-pipeline:latest blueocean-i18n:latest blueocean-jira:latest blueocean-jwt:latest blueocean-personalization:latest blueocean-pipeline-api-impl:latest blueocean-pipeline-editor:latest blueocean-pipeline-scm-api:latest blueocean-rest-impl:latest blueocean-rest:latest blueocean-web:latest blueocean:latest bootstrap5-api:latest bouncycastle-api:latest branch-api:latest bruceschneier:latest build-failure-analyzer:latest buildtriggerbadge:latest caffeine-api:latest checks-api:latest cloudbees-bitbucket-branch-source:latest cloudbees-folder:latest command-launcher:latest commons-compress-api:latest commons-lang3-api:latest commons-text-api:latest conditional-buildstep:latest config-file-provider:latest credentials-binding:latest credentials:latest dark-theme:latest dashboard-view:latest display-url-api:latest docker-commons:latest docker-java-api:latest durable-task:latest echarts-api:latest eddsa-api:latest envinject-api:latest envinject:latest email-ext:latest prometheus:latest favorite:latest font-awesome-api:latest generic-webhook-trigger:latest git-client:latest git-server:latest git:latest github-api:latest github-branch-source:latest github:latest gson-api:latest handy-uri-templates-2-api:latest htmlpublisher:latest http_request:latest instance-identity:latest instant-messaging:latest ionicons-api:latest jabber:latest jackson2-api:latest jakarta-activation-api:latest jakarta-mail-api:latest javadoc:latest javax-activation-api:latest javax-mail-api:latest jaxb:latest jdk-tool:latest jenkins-design-language:latest jersey2-api:latest jira:latest jjwt-api:latest job-dsl:latest jobConfigHistory:latest joda-time-api:latest jquery3-api:latest jsch:latest json-api:latest json-path-api:latest jsoup:latest junit:latest ldap:latest login-theme:latest mailer:latest managed-scripts:latest mapdb-api:latest material-theme:latest matrix-auth:latest matrix-project:latest maven-plugin:latest metrics:latest mina-sshd-api-common:latest mina-sshd-api-core:latest monitoring:latest okhttp-api:latest oss-symbols-api:latest pipeline-build-step:latest pipeline-graph-analysis:latest pipeline-groovy-lib:latest pipeline-input-step:latest pipeline-milestone-step:latest pipeline-model-api:latest pipeline-model-definition:latest pipeline-model-extensions:latest pipeline-rest-api:latest pipeline-stage-step:latest pipeline-stage-tags-metadata:latest pipeline-stage-view:latest pipeline-utility-steps:latest plain-credentials:latest plugin-usage-plugin:latest plugin-util-api:latest project-stats-plugin:latest pubsub-light:latest resource-disposer:latest run-condition:latest scm-api:latest script-security:latest slack:latest snakeyaml-api:latest sse-gateway:latest ssh-agent:latest ssh-credentials:latest ssh-slaves:latest sshd:latest structs:latest subversion:latest support-core:latest theme-manager:latest thinBackup:latest token-macro:latest trilead-api:latest variant:latest workflow-aggregator:latest workflow-api:latest workflow-basic-steps:latest workflow-cps:latest workflow-durable-task-step:latest workflow-job:latest workflow-multibranch:latest workflow-scm-step:latest workflow-step-api:latest workflow-support:latest ws-cleanup:latest
Summary:
Kubernetes Credentials Provider Plugin does not load sshUserPrivateKey secrets: "No SecretToCredentialConverter found to convert secrets of type sshUserPrivateKey"
Description:
After upgrading Jenkins and the Kubernetes Credentials Provider Plugin, Jenkins no longer loads SSH credentials from Kubernetes secrets of type sshUserPrivateKey. These credentials do not appear in the Jenkins credential store, and the following warning is shown in the logs:
No SecretToCredentialConverter found to convert secrets of type sshUserPrivateKey
Other credentials (username/password, secret text) load as expected. This issue persists across clean, stateless Jenkins deployments.
Steps to Reproduce:
- Deploy Jenkins using the official jenkins/jenkins:lts or jenkins/jenkins:latest Docker image in Kubernetes.
- Install these plugins (latest versions as of July 2025):
- kubernetes-credentials-provider
- kubernetes-credentials
- credentials
- ssh-credentials
- Create a Kubernetes secret like this:
apiVersion: v1 kind: Secret metadata: name: my-ssh-key namespace: jenkins labels: jenkins.io/credentials-type: sshUserPrivateKey type: sshUserPrivateKey data: ssh-privatekey: (base64-encoded-private-key) username: (base64-encoded-username) passphrase: (base64-encoded-passphrase)
- Start Jenkins and check the credentials store—SSH credentials are missing.
- Check the logs for the warning above.
Expected Behavior:
Jenkins should recognize the Kubernetes secret as an SSH credential and load it.
Actual Behavior:
Jenkins ignores the SSH secret and logs the warning about a missing SecretToCredentialConverter.
Jenkins Version:
lts-jdk17:latest
Plugin Versions:
- kubernetes-credentials-provider:latest
- kubernetes-credentials:latest
- credentials:latest
- ssh-credentials:latest
Kubernetes Version:
k3s
Deployment Method:
YAML
Additional Info:
- Credentials of type username/password and secret text work as expected
- The secret structure is correct and worked in previous plugin versions
- Issue persists with clean deployments (no persistent volume or cache)
- Tried older plugin versions as a workaround, but no success
Logs:
No SecretToCredentialConverter found to convert secrets of type sshUserPrivateKey
Labels:
kubernetes, credentials, ssh, kubernetes-credentials-provider-plugin, bug