1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

Using Credentials In Code In CloudBees SDA

Using-Credentials-in-Code
Published by Joshua Kling
on February 7, 2022

Credentials Are Tough By Design

Credentials in Cloudbees SDA are admittedly a little tricky to get to. This is by design.  If it were any easier, it could be a potential security risk. There is really just one way to use credentials in code, and it’s a multi-step process. Here are the steps:

  1. Set the credential.
  2. Attach it to a step.
  3. Use it.

Careful manipulation is required here, as the software requires very exact definitions to get to this information. Any single missed parameter or missing ACL will return an error code.

How To Set The Credential

It is very simple to set a credential in CloudBees SDA.  First, start at the project level, or go to the credential screen, and add a new cred. You’ll be able to add a name, description, username, password, and set it to a local or external credential. Once it’s set, hit OK and head to the location where you intend to use it.

CredentialsInCode

Attachment

Once a credential is set, it’s available in any pipeline or procedure that can access that project. However, you will need to grant explicit access permission for the pipeline or procedure that will use it.  You do this through the attaching feature. From within a pipeline, the code for this command looks like this:

ectool attachCredential "<project name>" "<credential name>" --pipelineName $[/myPipeline] 
--stageName $[/myStage] --taskName $[/myTask]

In this case, all of these flags are important. Please note that if you call it from a procedure context, you’ll need to use –stepName instead of –taskName, as these are different from pipeline tasks.

Using The Credential

Once the credential is attached to a task or step, using it is a simple matter. Use these two lines of code to pull the username or password into any script or bash command:

ectool getFullCredential "/projects/<project name>/credentials/<credential name>" --value password
ectool getFullCredential "/projects/<project name>/credentials/<credential name>" --value userName

They can be set to variables or used inline, depending on the context, such as an API call to a third party tool. Credentials are a powerful tool in CloudBees SDA — they can be used for more than just basic authentication. You can save any kind of secret in the password field, including tokens, making them a convenient way to hide secure information with confidence.

If you have any questions about credentials in SDA, or need help getting started, reach out to us and we’d be happy to help.

Latest White Papers

Infrastructure as Code: Top 10 Do’s and Don’ts

Infrastructure as Code: Top 10 Do’s and Don’ts

The ability to scale a business is no longer solely defined by manpower, money, and on-premises infrastructure. Infrastructure as Code (IaC), in fact, has revolutionized the ability to scale and grow businesses globally. But what is IAC? How can migrating to it enable...

Related Resources

Migrate Jira and Confluence To The Cloud

Migrate Jira and Confluence To The Cloud

Many businesses want to migrate Jira to the Cloud. In this case study we explore the common migration challenges. You'll also discover how SPK helped a leading national consumer financing company overcome their own migration experience.  The Migrate Jira To Cloud...

Jenkins vs Bamboo – What’s The Difference?

Jenkins vs Bamboo – What’s The Difference?

Fewer bugs in releases, availability to constant updates and better deployments are the stuff DevOps dreams are made of. Continuous integration (CI) tools like Bamboo and Jenkins both boast a wealth of CI opportunities. They help streamline and remove tedious tasks...

Infrastructure as Code: Top 10 Do’s and Don’ts

Infrastructure as Code: Top 10 Do’s and Don’ts

The ability to scale a business is no longer solely defined by manpower, money, and on-premises infrastructure. Infrastructure as Code (IaC), in fact, has revolutionized the ability to scale and grow businesses globally. But what is IAC? How can migrating to it enable...