SSH-Submodule with different authentication within pipeline


Dieter Guthmann

Mar 11, 2025, 2:36:12 AM
to jenkins...@googlegroups.com
Hello Jenkins users,

we have a project, where a new submodule has to be integrated, which is checked
out from a different location via SSH.
Our main repository (where the Jenkinsfile is located) is on Bitbucket (onPrem)
and now a repository from AzureDevOps has to be integrated.

How can I achieve that a different credential is loaded out of the Jenkins
credential store for this submodule?
We've the checkbox 'Use credentials from default remote of parent repository'
enabled for 'advanced sub-module behaviours'.

In my research I found solutions like 'reference to submodule via
https://user:pa...@dev.azure.com/' but since passwords on Azure need to be changed
regularly, a commit to the main repository would be required regularly just to
keep the credentials up to date. :(

I would prefer SSH usage for submodule anyway.

Thanks for every hint.


Dieter

Björn Pedersen

Mar 11, 2025, 3:25:04 AM
to Jenkins Users
d.guthmann wrote on Tuesday, March 11, 2025 at 07:36:12 UTC+1:
> Hello Jenkins users,
>
> we have a project, where a new submodule has to be integrated, which is checked
> out from a different location via SSH.
> Our main repository (where the Jenkinsfile is located) is on Bitbucket (onPrem)
> and now a repository from AzureDevOps has to be integrated.
>
> How can I achieve that a different credential is loaded out of the Jenkins
> credential store for this submodule?
> We've the checkbox 'Use credentials from default remote of parent repository'
> enabled for 'advanced sub-module behaviours'.


I would configure the submodule with the correct username (if it differs from the Bitbucket one) and
use a shared SSH private key (upload the public key to both Bitbucket and Azure) as the easiest solution. Or use the ssh-agent plugin to
inject all relevant keys into your pipeline.
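
Added example (not part of the original post, and not code from the Jenkins project): a declarative Jenkinsfile for the ssh-agent plugin approach mentioned above, loading two separate keys so each can be replaced independently. The credential IDs `bitbucket-ssh-key` and `azure-devops-ssh-key` are hypothetical; it assumes the job's submodule behaviour is disabled and the agent's `known_hosts` already holds both servers' host keys.

```groovy
// Added example. Credential IDs are hypothetical placeholders for
// "SSH Username with private key" entries in the Jenkins credentials store.
pipeline {
    agent any
    options {
        // Skip the implicit checkout so the checkout below is the only one.
        skipDefaultCheckout(true)
    }
    stages {
        stage('Checkout') {
            steps {
                // Parent repository: uses the credential configured on the job's SCM.
                // Assumption: the job is not set to update submodules in this step,
                // otherwise the Azure DevOps submodule would be fetched with the
                // parent's credential and fail.
                checkout scm

                // Both private keys are loaded into one ssh-agent for the
                // duration of this block; ssh offers them to each host in turn.
                sshagent(credentials: ['bitbucket-ssh-key', 'azure-devops-ssh-key']) {
                    sh '''
                        set -eu
                        # Assumption: known_hosts on the agent already contains
                        # the host keys of both Git servers.
                        git submodule sync --recursive
                        git submodule update --init --recursive
                    '''
                }
            }
        }
    }
}
```

Every step inside the `sshagent` block can use both keys, so keep the block limited to the Git commands that need them.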

Dieter Guthmann

Mar 11, 2025, 3:42:11 PM
to jenkins...@googlegroups.com
Hi,

thank you for your quick reply.

Björn Pedersen wrote:
> > Dieter Guthmann wrote:
>
> > How can I achieve that a different credential is loaded out of the Jenkins
> > credential store for this submodule?
> > We've the checkbox 'Use credentials from default remote of parent repository'
> > enabled for 'advanced sub-module behaviours'.
>
>
> I would configure the submodule with the correct username (if it differs from
> the Bitbucket one) and
> use a shared SSH private key (upload the public key to both Bitbucket and
> Azure) as the easiest solution. Or use the ssh-agent plugin to
> inject all relevant keys into your pipeline.

The solution with the identical SSH keys for Bitbucket and Azure makes it necessary that we also revoke the key for Bitbucket when Azure wants a new key :(

It's not possible to let the credentials automatically be chosen by domain name out of the Jenkins credentials store?

One other solution we've found would be to mirror the Azure DevOps repository onto Bitbucket.

Dieter