Jenkins blue ocean change github access token - jenkins

Jenkins blue ocean pretty cool continuous integration tool, but I faced the following problem:
At the main page, as was asked, I inserted my GitHub access token
And after that I realized that was incorrect token from another company.
And now I want to change to another token but there is no option to do that. I'm always getting the following screen without the possibility to change the key.
I found out that if I the token was deleted from GiHub tokens page I can insert the new one at the page depicted above. But now there is no way to delete that token. I need to resolve the problem from Jenkins UI.
Any Ideas how to change?

Steps to delete the Access-Token:
Go to the 'old' interface (i.e. not Blue Ocean)
Click on your username in the top right
Click on Credentials on the left
You should see an entry with the domain blueocean-github-domain the id github and the name <username>/****** (Github Access Token).
Delete it.
Afterward, BlueOcean will ask for an Access Token again, when using "Github" as the source.

I tried many things, at the moment best solution is to delete project and create new blueocean project with new credentials.

Add a new credential in Jenkins and choose "Username and Password" as the type. The username should be your GitHub username and the password is the API token. Make sure the credential is added to a store that the project has access to.

tkausl's instructions didn't work for me because there was no "Delete" or "Modify" button. So here is my extended solution (it needs shell access).
With shell access, you can find the file where your token is stored (in my case it was ./users//config.xml). However, you cannot just edit that file, because the token is stored in encrypted form (and base64-encoded). So instead, create a new dummy credential with the correct token. The dummy credential gets added (in encrypted form) in the file ./credentials.xml. Open that file and copy the password (in base64 and encrypted form) into where the actual credentials are (./users//config.xml). Finally, go to "Manage Jenkins" > "Reload Configuration from Disk".

I think #bhow has something similar but just to make it clear - you don't need to delete the project or the existing token.
You can go to Blue Ocean, choose the project and then choose the gear icon to change the project settings.
Under "Branch Sources" you'll see the current Github credentials. From there you can choose to add new credentials. In my case I added a new "Username with password" where the username was my username, and password was my Github token. By choosing this new option from the credentials dropdown I could see that the authenticated user changed.

Related

Credentials not available in Jenkins Pull Request Builder plugin

I have added global credentials in Jenkins.
However when I try to add then in my Pull Request builder plugin configuration, they don't seem available.
Any suggestions?
Using Jenkins 2.303.1
(the arrow on the left of the Add drop-down does not do anything)
The instructions in the GitHub pull request builder plugin documentation says that you need to "select Kind -> Secret text". Based on the icon in your credentials list, I think you have defined a credential type "Private key".
The pull request builder likely uses the GitHub API's to perform many of its operations. GitHub API's rely on a username and a personal access token. They generally do not support a private key as the credential.
Define a secret text credential as described in the online help.

Git checking out external project in jenkins pipeline using user and password

Reading this answer the way of checking out an external project from a jenkins pipeline is as follows:
git branch: 'master',
credentialsId: '12345-1234-4696-af25-123455',
url: 'ssh://git#bitbucket.org:company/repo.git'
The author of the post also says:
If you're using the ssh url then your credentials must be username + private key. If you're using the https clone url instead of the ssh one, then your credentials should be username + password.
However, not fully clear how the second case works (https URL and username + password)... Which syntax is use in this case for creadentialsId? Or that field is not used and others are used to specify username and password? Could somebody provide an example of it, please?
Thanks!
Store the username and password on Jenkins by following:
https://www.jenkins.io/doc/book/using/using-credentials/
Adding new global credentials To add new global credentials to your
Jenkins instance:
If required, ensure you are logged in to Jenkins (as a user with the
Credentials > Create permission). From the Jenkins home page (i.e. the
Dashboard of the Jenkins classic UI), click Manage Jenkins > Manage
Credentials. image
Under Stores scoped to Jenkins on the right, click on Jenkins. image
Under System, click the Global credentials (unrestricted) link to
access this default domain. image
Click Add Credentials on the left. Note: If there are no credentials
in this default domain, you could also click the add some credentials
link (which is the same as clicking the Add Credentials link). From
the Kind field, choose the type of credentials to add. From the Scope
field, choose either: Global - if the credential/s to be added is/are
for a Pipeline project/item. Choosing this option applies the scope of
the credential/s to the Pipeline project/item "object" and all its
descendent objects. System - if the credential/s to be added is/are
for the Jenkins instance itself to interact with system administration
functions, such as email authentication, agent connection, etc.
Choosing this option applies the scope of the credential/s to a single
object only. Add the credentials themselves into the appropriate
fields for your chosen credential type: Secret text - copy the secret
text and paste it into the Secret field. Username and password -
specify the credential’s Username and Password in their respective
fields. Secret file - click the Choose file button next to the File
field to select the secret file to upload to Jenkins. SSH Username
with private key - specify the credentials Username, Private Key and
optional Passphrase into their respective fields. Note: Choosing Enter
directly allows you to copy the private key’s text and paste it into
the resulting Key text box. Certificate - specify the Certificate and
optional Password. Choosing Upload PKCS#12 certificate allows you to
upload the certificate as a file via the resulting Upload certificate
button. Docker Host Certificate Authentication - copy and paste the
appropriate details into the Client Key, Client Certificate and Server
CA Certificate fields. In the ID field, specify a meaningful
credential ID value - for example,
jenkins-user-for-xyz-artifact-repository. The inbuilt (default)
credentials provider can use upper- or lower-case letters for the
credential ID, as well as any valid separator character, other
credential providers may apply further restrictions on allowed
characters or lengths. However, for the benefit of all users on your
Jenkins instance, it is best to use a single and consistent convention
for specifying credential IDs. Note: This field is optional. If you do
not specify its value, Jenkins assigns a globally unique ID (GUID)
value for the credential ID. Bear in mind that once a credential ID is
set, it can no longer be changed. Specify an optional Description for
the credential/s. Click OK to save the credentials
Then, use the ID from that in the credentialsId field in the code above.

Jenkins: Use personal credentials for project

I'm hosting a project on my Jenkins server. That project has a GitHub repo and I have it set up so it automatically builds new commits. In order for that to work, I need to input credentials for a github account that has full access to the repo.
The problem is, that if I want him to add his login info to the credentials list, I'd have to give him acces to all credentials on the server (I don't want that).
I tried using the credentials under "{username}" > "Credentials", but those didn't show up in the project setup (even with 100% access to everything on the server).
Is there a way for the user to store his credentials and use them for the project without giving him full access to all credentials on the server?
Add the user's credentials under Global security and then allow project based Matrix Authorization Strategy per project as shown:
I found the answer in this mailing list entry:
In short: You need to
install and activate the Authorize Projects Plugin,
enable "run as specific user" strategy in global security settings,
enable this for the project in question.
This allows you to use the credentials for this specific user.
Enabling ssh-agent is the final step to make this work conveniently.

How to use Jenkins credential store when accessing CVS?

Is there a way to use the credential store with the CVS plugin to access a CVS repository? Looking for a way to store credential once and have one place to change it, despite many jobs making use of it.
The CVS plugin doesn't use the credentials store directly (although there are potential plans to move to this in a future overhaul of the plugin), but it does have a concept of global credentials which should provide what you need. The reason for having something separate from global credentials was that CVS introduced this prior to the credentials plugin being available and the steps have never been taken to try and perform a migration.
To use this credential feature, ensure you have version 2.4 or above of the CVS plugin, goto your 'Manage Configuration' screen, scroll down to the CVS section and click the 'Add' button next to the 'Authentication' option. Once you've added any credentials in here, go back to the jobs you're wanting to use the global credentials on, check the CVS root matches what you put in the authentication section and that it doesn't contain a username and then run your job. When running, the console should then show 'Using globally configured credentials for...' when trying to connect to CVS.

How can I set the jenkins authentication token?

On my Jenkins build server, I want to set an Authentication Token so that only users that know the token can fire off builds. (As described here.)
This doc page says that it should be configurable under my job's "Build Triggers" configuration.
However, my server has no such fields, and I'm running the latest version (1.546). Mine looks like this:
.
As you can see, this doesn't really look like the docs say it should.
How can I set this token?
You're missing the Trigger builds remotely (e.g., from scripts) Build Trigger:
This is only visible with Security enabled. To get this option from a freshly downloaded 1.546 WAR, I changed Configure Global Security from Anyone can do anything to at least Logged-in users can do anything. For ease/speed of testing, under Security Realm I selected Jenkins’ own user database and Allow users to sign up:
You can go to http://Jenkins-IP/jobs/me/configure to check and change your API access token. Also check whether the user you intend to use has necessary permissions to execute the builds in Manage Jenkins>Configure Global Security
Each jenkins user gets an authentication token - applicable since version 1.426 (more).
You can see yours, provided you are logged in your jenkins server, at http://your.jenkins.server/me/configure
(press 'show API token' button)
Then you can copy and paste it in your scripts (e.g. see here for an example usage).

Resources