How to Add Credentials in Jenkins
In this tutorial, you'll learn about How to Add Credentials in Jenkins. We cover key concepts, practical examples, and best practices.
The Problem
Your Jenkins pipeline needs to authenticate to Git, Docker registries, cloud providers, or other services. Storing credentials in plain text in the pipeline code is insecure. Jenkins' credential store encrypts secrets and injects them at runtime.
Quick Fix
Step 1: Add a username and password credential
- Open Jenkins and go to Dashboard > Manage Jenkins > Credentials.
- Select System > Global credentials (unrestricted).
- Click Add Credentials.
- Set Kind to Username with password.
- Enter the username and password.
- Set ID to
docker-hub-credentials(used to reference in the pipeline). - Click Create.
Step 2: Add an SSH key credential
- Add Credentials > Kind > SSH Username with private key.
- Enter the Username (e.g.,
gitfor GitHub). - Select Enter directly and paste the private key.
- Set ID to
github-ssh-key. - Click Create.
Step 3: Add a secret text (API token)
- Add Credentials > Kind > Secret text.
- Enter the API token as the Secret.
- Set ID to
slack-<a href="/backend/webhooks/">webhook</a>-url. - Click Create.
Step 4: Use credentials in a declarative pipeline
pipeline {
agent any
stages {
stage('Login to Docker Hub') {
steps {
withCredentials([usernamePassword(
credentialsId: 'docker-hub-credentials',
usernameVariable: 'DOCKER_USER',
passwordVariable: 'DOCKER_PASS'
)]) {
sh 'echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin'
}
}
}
}
}
Step 5: Use SSH key credentials in a pipeline
pipeline {
agent any
stages {
stage('Git Clone') {
steps {
withCredentials([sshUserPrivateKey(
credentialsId: 'github-ssh-key',
keyFileVariable: 'SSH_KEY'
)]) {
sh '''
eval $(ssh-agent -s)
ssh-add "$SSH_KEY"
git clone git@github.com:org/repo.git
'''
}
}
}
}
}
Step 6: Use secret text credentials
pipeline {
agent any
stages {
stage('Notify') {
steps {
withCredentials([string(
credentialsId: 'slack-webhook-url',
variable: 'SLACK_URL'
)]) {
sh 'curl -X POST -d "message=Build complete" "$SLACK_URL"'
}
}
}
}
}
Step 7: Update or delete a credential
- Go to Credentials > System > Global credentials.
- Click the credential ID.
- Click Update to change the value or Delete to remove it.
Step 8: Verify credential masking in logs
Run a pipeline using credentials and check the console output. The secret values appear as **** in the logs.
Alternative Solutions
Use Jenkins' Folder credentials to scope credentials to specific folders, or Pipeline-specific credentials for multibranch pipelines.
Common Errors
Credential not found in pipeline: The credentialsId in the pipeline must match the ID exactly (case-sensitive). Check the ID in the Jenkins UI under the credential details.
SSH key format rejected: Jenkins requires the private key in PEM format. Convert OpenSSH format keys: ssh-keygen -p -m PEM -f ~/.ssh/id_rsa.
Credential appears as **** in logs but does not work: The credential value may have extra whitespace or special characters. Re-enter the credential and test again.
Global credentials exposed to all jobs: Restrict credentials by scope — use folder-scoped or system-scoped credentials instead of global. This limits which pipelines can access them.
Prevention
- Use descriptive credential IDs so pipeline code is self-documenting.
- Scope credentials to the minimum necessary folder or domain.
- Rotate credentials regularly — set reminders in your project management tool.
- Remove unused credentials to reduce the attack surface.
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro