如何从詹金斯“带密码的用户名”参数中提取用户名和密码？

Question

I have a Jenkins pipeline job. It takes several parameters, one of which is a "Username with password" parameter, which is set to a "service account" that I've had provisioned.

This is used in the "StashNotifier" to notify BitBucket of the results of a build.

I now have to add some "scp/ssh" steps to the job, and I'd like to use the same service account principal and credentials. I could manually add two parameters, redundant copies of the username and password of the service account parameter, but I would really like to just extract the pieces from the existing "Username and password" parameter.

Is it possible to do that?

Answer 1

withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: credentialsId, usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) { 
    // use USERNAME and PASSWORD as envs - ${USERNAME}
    // credentialId is the credential id from Credentials tab 
}

Answer 2

Generally speaking if you are using ssh/scp the ssh-agent is what you want. (And usually you also want public key authentication instead of the password, but that is another story)

node {
    sshagent (credentials: ['your-credential-id']) {
        sh 'ssh blaa blaa'
    }
}

Answer 3

As mentioned by @jil it would make things a lot easier if you'd use ssh keys for the authentication at your SSH server - assuming your jenkins server is running on a linux / unix machine. You can add the keys to the system user jenkins which runs Jenkins and copy it to the machine to which you want to connect for your scp / ssh steps. Afterwards you can directly use any ssh / scp command without providing a password.

There are some security considerations though: adding the SSH key to the jenkins user enables every job on the Jenkins server to access your SSH server.

If this is not a problem for you - this is a good article on how to use ssh keys .