Restrict Jenkins credentials based on use by jobs
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	jeena
	Dec 11 2020, 2:38 AM

Description

Restricting the usage of jenkins credentials to only the jobs that need them could make our Jenkins more secure. We could do this by adding the jenkins folders plugin and creating folders for groups of jobs that share the need for certain credentials.

We'd need to move the jobs to folders by adding the folders in jjb and prepending each job's name with the name of the folder to contain it, followed by a forward slash.

We'd also need to move the credentials to folder credentials vs. global credentials. To move the credentials we'd need to decrypt them using the hudson.util.Secret.decrypt method in the Jenkins console and then enter them in as folder-specific credentials.

Event Timeline

jeena created this task.Dec 11 2020, 2:38 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 11 2020, 2:38 AM

jeena added a parent task: T267699: Better way to restrict credentials available to pipelinelib.Dec 11 2020, 2:40 AM

thcipriani removed a parent task: T267699: Better way to restrict credentials available to pipelinelib.Mar 30 2021, 8:10 PM

Restrict Jenkins credentials based on use by jobsOpen, Needs TriagePublicActions

Description

Event Timeline

Restrict Jenkins credentials based on use by jobs
Open, Needs TriagePublic
Actions