Jekinsfile withCredentials - where are GIT_USERNAME and GIT_PASSWORD defined

515 views

Skip to first unread message

Adi Lavi

unread,

May 29, 2017, 1:46:04 AM5/29/17

to Jenkins Users

hello,

I am trying to debug an issue with JenkinsFIle using git credentials. It uses the variables GIT_USERNAME and GIT_PASSWORD which seem to be wrong, as the log shows that git commands fail to connect (used to work before, but users have changed).

How can I find where and how these variables are set, so I can fix them?

Thanks

Mark Waite

unread,

May 29, 2017, 1:52:54 AM5/29/17

to Jenkins Users

If you're cloning with http or https protocol, then you may be able to write the URL as:

https://username:password@hostname/path/to/repo.git

Replace username with the evaluated value of GIT_USERNAME and replace password with the evaluated value of GIT_PASSWORD.

If you're cloning with ssh protocol, then you need a private key / public key pair, not GIT_PASSWORD.

The GIT_USERNAME and GIT_PASSWORD environment variables are not read by the git plugin or the git client plugin as far as I can tell. Thus, I assume your jobs were expanding their values and using them in the authentication steps.

They could also have been used as input to a git credential helper, though that would need to be configured on every agent in the home directory of the user running the agent. I recommend against that technique because it increases the work you must do to maintain your agents.

While those are my guesses, my recommendation is that you switch to use the Jenkins credentials system to record your git user name and password inside Jenkins, then modify your job definition to use those recorded credentials. That avoids displaying username and password in job logs, and significantly reduces the risk of someone misusing your username/password combination.

Mark WAite

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/5d5cc159-dae1-4a4f-b45f-9595f5b0e973%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all

Reply to author

Forward

0 new messages