Jenkins: Access global passwords in powershell
Don't confuse EnvInject plugin and Credentials Binding plugin. The two do quite different things, however both allow the manage passwords globally, yet differently.
EnvInject way
- Manage Jenkins -> Configure System
- Under Global Password
- Click Add.
- Enter name (of environment variable) and password.
- Job -> Configure
- Under Build Environment
- check Inject passwords to the build as environment variables.
- Check Global passwords.
- Check Mask password parameters.
Credentials Binding way
- Manage Jenkins -> Manage Credentials
- Click Add Credentials (without domain).
- Select Username with password OR Secret text.
- Enter Username and Password OR Secret.
- Job -> Configure
- Under Build Environment
- Check Use secret text(s) or file(s).
- Under Bindings, click Add.
- Select Username and password OR Secret text.
- Enter Variable name that you want to hold your credentials value.
- Select Specific credentials radio button.
- Select your configured credentials from the drop-down
In your Powershell
- Access these as you would any other environment variable:
$env:VAR_NAME
whereVAR_NAME
is the environment variable name (i.e. step 2 from EnvInject way, or step 4 from Credentials Binding way)
Appendix
EnvInject vs Credentials Binding
- EnvInject passwords will show encrypted in list of environment variables.
- EnvInject passwords will show starred (*****) in console output.
- EnvInject passwords use the same variable name as the global configuration, so you have to remember that global variable name.
| - CB passwords are shown plain text in list of environment variables.
- CB passwords are not starred in console output.
- CB passwords can be bound to any variable name you want in the job from a dropdown, so you don't have to remember that global variable name.
| - Credentials Binding is really more for biding credential files, like certificates and keys, rather than password values.
Username with Password vs Secret Text.
- The former is available in the form
username:password
. - The latter is just
secret
.
In our build we use it the following way (actual code):
$deploymentdir = $env:VC_RES + "\azure". ".\src\Extensions\Setup\VirtoCommerce.PowerShell\deploy-tfs.ps1" -deployment $deploymentdir -solutiondir $env:WORKSPACE
and then pass $deploymentdir as a parameter to ps1, works fine.
The environment variable VC_RES is configured under "Manage Jenkins"->Global Properties. There is a checkbox next to "Environment Variables" and we set those in there. The WORKSPACE variable is set by jenkins itself.