The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

1Password Secrets

withSecrets: 1Password Secrets

  • config (optional)
      Nested Object
    • connectCredential (optional)
        Nested Choice of Objects
      • $class: 'EksTokenCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • clusterName : String
        • region : String
        • awsCredentialsId : String (optional)
      • $class: 'FileSystemServiceAccountCredential'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
      • idToken
        Supplies an OpenID Connect id token (JWT) with claims about the current build.
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • audience : String (optional)
          Optional audience claim for the id token.
        • issuer : String (optional)
          Alternate issuer URL. If specified, you must be prepared to serve .well-known/openid-configuration and jwks from that location as application/json documents. Jenkins will continue to maintain the private key, but beware that unauthorized modification of either document could allow id tokens to be forged.
      • $class: 'SecretPersonalAccessTokenCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
          The Azure Service Principal credentials used to communicate with the Azure services. Check the following documentation for more information about the service principal:
        • secretIdentifier : String

          Secret identifier can be found on Azure Portal.

          Secret value will be interpreted as plain text.

      • $class: 'SecretSSHUserPrivateKeyCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
          The Azure Service Principal credentials used to communicate with the Azure services. Check the following documentation for more information about the service principal:
        • secretIdentifier : String

          Secret identifier can be found on Azure Portal.

          Secret value will be interpreted as yaml. The following is an example

                  username: jenkins
                  passphrase:
                  privateKey: |
                    -----BEGIN RSA PRIVATE KEY-----
                    MIIEpAIBAAKCAQEAnWLC5QGdQNii4oDosvY5hXEGOGQXFsw1YFMkyG+xY5kUIxc3
                    :
                    :
                    BZC5SbkVLUxtoPubf2op4lJoxbBX4p0qcA8Iu6HVJFDkWhPvuH7O5g==
                    -----END RSA PRIVATE KEY-----
              

          The following example uses the az-cli to load a yaml file as a secret into an Azure Keyvault

              az keyvault secret --vault-name jenkins --name ssh-cred --file ssh-cred.yaml
              
      • $class: 'SecretStringCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
        • secretIdentifier : String
      • $class: 'SecretUsernamePasswordCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
          The Azure Service Principal credentials used to communicate with the Azure services. Check the following documentation for more information about the service principal:
        • secretIdentifier : String

          Secret identifier can be found on Azure Portal.

          Secret value will be interpreted as yaml. The following is an example

                  username: jenkins
                  password: P@ssword
              

          The following example uses the az-cli to load a yaml file as a secret into an Azure Keyvault

              az keyvault secret --vault-name jenkins --name jenkins-cred --file jenkins-cred.yaml
              
      • $class: 'StringCredentialsImpl'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • secret
          • Type: class hudson.util.Secret
      • $class: 'VaultStringCredentialImpl'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • engineVersion : int (optional)
        • namespace : String (optional)
          The Vault Namespace the secret resides in. Leave blank if namespaces are not enabled or the secret is part of the root namespace.

          Note: Namespaces are a feature of Vault Enterprise.

        • path : String (optional)
          The Vault secret path. Example "kv/eng/apikey/google".
        • prefixPath : String (optional)
          The secret engine prefix path. Use this to identify the path the secret engine (i.e. kv) is mounted to if it is not mounted at the root.

          For example if the secret path is "team1/kv/database" the prefix path would be "team1/kv". If the secret path is "kv/database" the prefix path can be left blank.

        • vaultKey : String (optional)
    • connectCredentialId : String (optional)
      A secret text credential that contains the 1Password Connect Token
    • connectHost : String (optional)
      Host where Connect is deployed
    • opCLIPath : String (optional)
      Path to the 1Password CLI
    • serviceAccountCredential (optional)
        Nested Choice of Objects
      • $class: 'EksTokenCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • clusterName : String
        • region : String
        • awsCredentialsId : String (optional)
      • $class: 'FileSystemServiceAccountCredential'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
      • idToken
        Supplies an OpenID Connect id token (JWT) with claims about the current build.
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • audience : String (optional)
          Optional audience claim for the id token.
        • issuer : String (optional)
          Alternate issuer URL. If specified, you must be prepared to serve .well-known/openid-configuration and jwks from that location as application/json documents. Jenkins will continue to maintain the private key, but beware that unauthorized modification of either document could allow id tokens to be forged.
      • $class: 'SecretPersonalAccessTokenCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
          The Azure Service Principal credentials used to communicate with the Azure services. Check the following documentation for more information about the service principal:
        • secretIdentifier : String

          Secret identifier can be found on Azure Portal.

          Secret value will be interpreted as plain text.

      • $class: 'SecretSSHUserPrivateKeyCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
          The Azure Service Principal credentials used to communicate with the Azure services. Check the following documentation for more information about the service principal:
        • secretIdentifier : String

          Secret identifier can be found on Azure Portal.

          Secret value will be interpreted as yaml. The following is an example

                  username: jenkins
                  passphrase:
                  privateKey: |
                    -----BEGIN RSA PRIVATE KEY-----
                    MIIEpAIBAAKCAQEAnWLC5QGdQNii4oDosvY5hXEGOGQXFsw1YFMkyG+xY5kUIxc3
                    :
                    :
                    BZC5SbkVLUxtoPubf2op4lJoxbBX4p0qcA8Iu6HVJFDkWhPvuH7O5g==
                    -----END RSA PRIVATE KEY-----
              

          The following example uses the az-cli to load a yaml file as a secret into an Azure Keyvault

              az keyvault secret --vault-name jenkins --name ssh-cred --file ssh-cred.yaml
              
      • $class: 'SecretStringCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
        • secretIdentifier : String
      • $class: 'SecretUsernamePasswordCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
          The Azure Service Principal credentials used to communicate with the Azure services. Check the following documentation for more information about the service principal:
        • secretIdentifier : String

          Secret identifier can be found on Azure Portal.

          Secret value will be interpreted as yaml. The following is an example

                  username: jenkins
                  password: P@ssword
              

          The following example uses the az-cli to load a yaml file as a secret into an Azure Keyvault

              az keyvault secret --vault-name jenkins --name jenkins-cred --file jenkins-cred.yaml
              
      • $class: 'StringCredentialsImpl'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • secret
          • Type: class hudson.util.Secret
      • $class: 'VaultStringCredentialImpl'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • engineVersion : int (optional)
        • namespace : String (optional)
          The Vault Namespace the secret resides in. Leave blank if namespaces are not enabled or the secret is part of the root namespace.

          Note: Namespaces are a feature of Vault Enterprise.

        • path : String (optional)
          The Vault secret path. Example "kv/eng/apikey/google".
        • prefixPath : String (optional)
          The secret engine prefix path. Use this to identify the path the secret engine (i.e. kv) is mounted to if it is not mounted at the root.

          For example if the secret path is "team1/kv/database" the prefix path would be "team1/kv". If the secret path is "kv/database" the prefix path can be left blank.

        • vaultKey : String (optional)
    • serviceAccountCredentialId : String (optional)
      A secret text credential that contains the Service Account Authorization Token.
  • secrets (optional)
      Array / List of Nested Object
    • envVar : String
      The environment variable that will contain the loaded secret
    • secretRef : String
      The reference to the secret (has the format "op://vault/item/[section/]field")

wrap([$class: 'OnePasswordBuildWrapper']): 1Password Secrets

  • config (optional)
      Nested Object
    • connectCredential (optional)
        Nested Choice of Objects
      • $class: 'EksTokenCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • clusterName : String
        • region : String
        • awsCredentialsId : String (optional)
      • $class: 'FileSystemServiceAccountCredential'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
      • idToken
        Supplies an OpenID Connect id token (JWT) with claims about the current build.
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • audience : String (optional)
          Optional audience claim for the id token.
        • issuer : String (optional)
          Alternate issuer URL. If specified, you must be prepared to serve .well-known/openid-configuration and jwks from that location as application/json documents. Jenkins will continue to maintain the private key, but beware that unauthorized modification of either document could allow id tokens to be forged.
      • $class: 'SecretPersonalAccessTokenCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
          The Azure Service Principal credentials used to communicate with the Azure services. Check the following documentation for more information about the service principal:
        • secretIdentifier : String

          Secret identifier can be found on Azure Portal.

          Secret value will be interpreted as plain text.

      • $class: 'SecretSSHUserPrivateKeyCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
          The Azure Service Principal credentials used to communicate with the Azure services. Check the following documentation for more information about the service principal:
        • secretIdentifier : String

          Secret identifier can be found on Azure Portal.

          Secret value will be interpreted as yaml. The following is an example

                  username: jenkins
                  passphrase:
                  privateKey: |
                    -----BEGIN RSA PRIVATE KEY-----
                    MIIEpAIBAAKCAQEAnWLC5QGdQNii4oDosvY5hXEGOGQXFsw1YFMkyG+xY5kUIxc3
                    :
                    :
                    BZC5SbkVLUxtoPubf2op4lJoxbBX4p0qcA8Iu6HVJFDkWhPvuH7O5g==
                    -----END RSA PRIVATE KEY-----
              

          The following example uses the az-cli to load a yaml file as a secret into an Azure Keyvault

              az keyvault secret --vault-name jenkins --name ssh-cred --file ssh-cred.yaml
              
      • $class: 'SecretStringCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
        • secretIdentifier : String
      • $class: 'SecretUsernamePasswordCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
          The Azure Service Principal credentials used to communicate with the Azure services. Check the following documentation for more information about the service principal:
        • secretIdentifier : String

          Secret identifier can be found on Azure Portal.

          Secret value will be interpreted as yaml. The following is an example

                  username: jenkins
                  password: P@ssword
              

          The following example uses the az-cli to load a yaml file as a secret into an Azure Keyvault

              az keyvault secret --vault-name jenkins --name jenkins-cred --file jenkins-cred.yaml
              
      • $class: 'StringCredentialsImpl'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • secret
          • Type: class hudson.util.Secret
      • $class: 'VaultStringCredentialImpl'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • engineVersion : int (optional)
        • namespace : String (optional)
          The Vault Namespace the secret resides in. Leave blank if namespaces are not enabled or the secret is part of the root namespace.

          Note: Namespaces are a feature of Vault Enterprise.

        • path : String (optional)
          The Vault secret path. Example "kv/eng/apikey/google".
        • prefixPath : String (optional)
          The secret engine prefix path. Use this to identify the path the secret engine (i.e. kv) is mounted to if it is not mounted at the root.

          For example if the secret path is "team1/kv/database" the prefix path would be "team1/kv". If the secret path is "kv/database" the prefix path can be left blank.

        • vaultKey : String (optional)
    • connectCredentialId : String (optional)
      A secret text credential that contains the 1Password Connect Token
    • connectHost : String (optional)
      Host where Connect is deployed
    • opCLIPath : String (optional)
      Path to the 1Password CLI
    • serviceAccountCredential (optional)
        Nested Choice of Objects
      • $class: 'EksTokenCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • clusterName : String
        • region : String
        • awsCredentialsId : String (optional)
      • $class: 'FileSystemServiceAccountCredential'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
      • idToken
        Supplies an OpenID Connect id token (JWT) with claims about the current build.
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • audience : String (optional)
          Optional audience claim for the id token.
        • issuer : String (optional)
          Alternate issuer URL. If specified, you must be prepared to serve .well-known/openid-configuration and jwks from that location as application/json documents. Jenkins will continue to maintain the private key, but beware that unauthorized modification of either document could allow id tokens to be forged.
      • $class: 'SecretPersonalAccessTokenCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
          The Azure Service Principal credentials used to communicate with the Azure services. Check the following documentation for more information about the service principal:
        • secretIdentifier : String

          Secret identifier can be found on Azure Portal.

          Secret value will be interpreted as plain text.

      • $class: 'SecretSSHUserPrivateKeyCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
          The Azure Service Principal credentials used to communicate with the Azure services. Check the following documentation for more information about the service principal:
        • secretIdentifier : String

          Secret identifier can be found on Azure Portal.

          Secret value will be interpreted as yaml. The following is an example

                  username: jenkins
                  passphrase:
                  privateKey: |
                    -----BEGIN RSA PRIVATE KEY-----
                    MIIEpAIBAAKCAQEAnWLC5QGdQNii4oDosvY5hXEGOGQXFsw1YFMkyG+xY5kUIxc3
                    :
                    :
                    BZC5SbkVLUxtoPubf2op4lJoxbBX4p0qcA8Iu6HVJFDkWhPvuH7O5g==
                    -----END RSA PRIVATE KEY-----
              

          The following example uses the az-cli to load a yaml file as a secret into an Azure Keyvault

              az keyvault secret --vault-name jenkins --name ssh-cred --file ssh-cred.yaml
              
      • $class: 'SecretStringCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
        • secretIdentifier : String
      • $class: 'SecretUsernamePasswordCredentials'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • servicePrincipalId : String
          The Azure Service Principal credentials used to communicate with the Azure services. Check the following documentation for more information about the service principal:
        • secretIdentifier : String

          Secret identifier can be found on Azure Portal.

          Secret value will be interpreted as yaml. The following is an example

                  username: jenkins
                  password: P@ssword
              

          The following example uses the az-cli to load a yaml file as a secret into an Azure Keyvault

              az keyvault secret --vault-name jenkins --name jenkins-cred --file jenkins-cred.yaml
              
      • $class: 'StringCredentialsImpl'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • secret
          • Type: class hudson.util.Secret
      • $class: 'VaultStringCredentialImpl'
        • scope
          Determines where this credential can be used.
          System
          This credential is only available to the object on which the credential is associated. Typically you would use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
          Global
          This credential is available to the object on which the credential is associated and all objects that are children of that object. Typically you would use global-scoped credentials for things that are needed by jobs.

          In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins") and then used in another place (e.g., when connecting to a new SSH build agent). The scope allows you to say "this credential is only used by these places" by looking at the relationship between the two locations.

          • Values: SYSTEM, GLOBAL, USER
        • id : String
          An internal unique ID by which these credentials are identified from jobs and other configuration. Normally left blank, in which case an ID will be generated, which is fine for jobs created using visual forms. Useful to specify explicitly when using credentials from scripted configuration.
        • description : String
          An optional description to help tell similar credentials apart.
        • engineVersion : int (optional)
        • namespace : String (optional)
          The Vault Namespace the secret resides in. Leave blank if namespaces are not enabled or the secret is part of the root namespace.

          Note: Namespaces are a feature of Vault Enterprise.

        • path : String (optional)
          The Vault secret path. Example "kv/eng/apikey/google".
        • prefixPath : String (optional)
          The secret engine prefix path. Use this to identify the path the secret engine (i.e. kv) is mounted to if it is not mounted at the root.

          For example if the secret path is "team1/kv/database" the prefix path would be "team1/kv". If the secret path is "kv/database" the prefix path can be left blank.

        • vaultKey : String (optional)
    • serviceAccountCredentialId : String (optional)
      A secret text credential that contains the Service Account Authorization Token.
  • secrets (optional)
      Array / List of Nested Object
    • envVar : String
      The environment variable that will contain the loaded secret
    • secretRef : String
      The reference to the secret (has the format "op://vault/item/[section/]field")

Was this page helpful?

Please submit your feedback about this page through this quick form.

Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?

    


See existing feedback here.