Domains would allow you to show the credentials for only the pertinent hostnames, schemes, etc (e.g. github.com, ssh://). 1) Add Domain 2) Add a "hostname" specification for your repo 3) Add your credential *inside* this domain.
The net effect is that when users type this URL into Git, your credential will show up. Another URL, and it goes away. NOTE: This doesn't meet what looks like your security requirements where the Credentials don't show up for other users. I believe CloudBees folder plugin allows for folder-scoped credentials, combined with Folder permissions (might be a CloudBees enterprise plugin), you might be able to achieve what you want. I have not, however, played with this myself. Hope that helps, -M On Sat, Oct 11, 2014 at 6:18 AM, Mark Waite <[email protected]> wrote: > Have you experimented with "Add domain" and assigned the credentials to > the specific URI and scheme and port that you want to control? > > I'm not sure that will exactly match what you're trying to do, since I > believe you're trying to prevent a user who has the permission to modify a > job definition from changing the repository URL to use a different > repository. If they change to use a different repository, I believe the > credentials for that repository will be visible to them. I'm not fluent > enough in the details of securing Jenkins to guide you further than "try > the Add domain" capability. > > Mark Waite > > On Sat, Oct 11, 2014 at 6:37 AM, Johan <[email protected]> wrote: > >> Hi, >> >> Several of our projects have access to their own Git repository through >> https. >> For this they need to add credentials in the job config (Git plugin). >> >> But is seems only possible to add credentials at global level. Added >> global credentials are shown in the credentials dropdownlistbox (Git >> plugin) and are visible to everyone. >> How can I make sure that credentials that are added by users of project A >> are not visible and can not be used by users of project B? >> >> Thanks in advance. >> >> Regards, >> Johan. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Thanks! > Mark Waite > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Matthew Moore DI/Docker (aka Convoy) Developer Infrastructure @ Google -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
