Job DSL: How to Use Credentials Store for authenticationToken

[Matthias Fuchs]

Hi,

I store the job specifications via job DSL on github.
For one job I need an authentication token.

The docu of authenticationToken mentions:
"... For security reasons, do not use a hard-coded token. See Handling Credentials for details about handling credentials in DSL scripts."

But I could not find any details on the "Handling Credentials" page related to authenticationToken.
Could you please help me out how to store and access the tokens securely, so that I can upload the job definitions on github?

Best,
Matthias

[Steffen Elste]

Hi,

to a certain extent it depends on how paranoid You allow yourself to get ;-)

One solution could be to use indirection, e.g. via the Config File Provider Plugin.

Use an arbitrary token in your job description, and in an additional build step access a configuration file to read the actual access token that is necessary ... via simple properties.

That way You could use different IDs for each Jenkins instance, if that is a requirement, and the mapping is done via the configuration file.

Cheers,

Steffen

[Matthias Fuchs]

Thanks for the idea!

In the meantime I also thought of a different idea:

1.  having global properties for the auth token, e.g. Name: MY_TOKEN  Value: 123
   
2. Access the token directly from the job dsl, e.g. authenticationToken(MY_TOKEN)

Since the seed-job has access to the environment you from the job-dsl have access too.

Best,
Matthias