Skip to content

How to Add Credentials in Jenkins

DodaTech 2 min read

In this tutorial, you'll learn about How to Add Credentials in Jenkins. We cover key concepts, practical examples, and best practices.

The Problem

Your Jenkins pipeline needs to authenticate to Git, Docker registries, cloud providers, or other services. Storing credentials in plain text in the pipeline code is insecure. Jenkins' credential store encrypts secrets and injects them at runtime.

Quick Fix

Step 1: Add a username and password credential

  1. Open Jenkins and go to Dashboard > Manage Jenkins > Credentials.
  2. Select System > Global credentials (unrestricted).
  3. Click Add Credentials.
  4. Set Kind to Username with password.
  5. Enter the username and password.
  6. Set ID to docker-hub-credentials (used to reference in the pipeline).
  7. Click Create.

Step 2: Add an SSH key credential

  1. Add Credentials > Kind > SSH Username with private key.
  2. Enter the Username (e.g., git for GitHub).
  3. Select Enter directly and paste the private key.
  4. Set ID to github-ssh-key.
  5. Click Create.

Step 3: Add a secret text (API token)

  1. Add Credentials > Kind > Secret text.
  2. Enter the API token as the Secret.
  3. Set ID to slack-<a href="/backend/webhooks/">webhook</a>-url.
  4. Click Create.

Step 4: Use credentials in a declarative pipeline

pipeline {
    agent any
    stages {
        stage('Login to Docker Hub') {
            steps {
                withCredentials([usernamePassword(
                    credentialsId: 'docker-hub-credentials',
                    usernameVariable: 'DOCKER_USER',
                    passwordVariable: 'DOCKER_PASS'
                )]) {
                    sh 'echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin'
                }
            }
        }
    }
}

Step 5: Use SSH key credentials in a pipeline

pipeline {
    agent any
    stages {
        stage('Git Clone') {
            steps {
                withCredentials([sshUserPrivateKey(
                    credentialsId: 'github-ssh-key',
                    keyFileVariable: 'SSH_KEY'
                )]) {
                    sh '''
                        eval $(ssh-agent -s)
                        ssh-add "$SSH_KEY"
                        git clone git@github.com:org/repo.git
                    '''
                }
            }
        }
    }
}

Step 6: Use secret text credentials

pipeline {
    agent any
    stages {
        stage('Notify') {
            steps {
                withCredentials([string(
                    credentialsId: 'slack-webhook-url',
                    variable: 'SLACK_URL'
                )]) {
                    sh 'curl -X POST -d "message=Build complete" "$SLACK_URL"'
                }
            }
        }
    }
}

Step 7: Update or delete a credential

  1. Go to Credentials > System > Global credentials.
  2. Click the credential ID.
  3. Click Update to change the value or Delete to remove it.

Step 8: Verify credential masking in logs

Run a pipeline using credentials and check the console output. The secret values appear as **** in the logs.

Alternative Solutions

Use Jenkins' Folder credentials to scope credentials to specific folders, or Pipeline-specific credentials for multibranch pipelines.

Common Errors

Credential not found in pipeline: The credentialsId in the pipeline must match the ID exactly (case-sensitive). Check the ID in the Jenkins UI under the credential details.

SSH key format rejected: Jenkins requires the private key in PEM format. Convert OpenSSH format keys: ssh-keygen -p -m PEM -f ~/.ssh/id_rsa.

Credential appears as **** in logs but does not work: The credential value may have extra whitespace or special characters. Re-enter the credential and test again.

Global credentials exposed to all jobs: Restrict credentials by scope — use folder-scoped or system-scoped credentials instead of global. This limits which pipelines can access them.

Prevention

  • Use descriptive credential IDs so pipeline code is self-documenting.
  • Scope credentials to the minimum necessary folder or domain.
  • Rotate credentials regularly — set reminders in your project management tool.
  • Remove unused credentials to reduce the attack surface.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro