Hi Matthew, Thanks, it indeed seems to work as you described. The feature is somewhat hidden, so I missed it. But it works very well. Unfortunately it works for other users as well. Just change the git url and the credentials will show up.
I have experimented with the Cloudbees Folder plugin and in combination with project-based security we can achieve what we want: separation of project specific credentials. Thank you very much for this tip! Regards, Johan. Op zaterdag 11 oktober 2014 15:49:04 UTC+2 schreef Matthew Moore: > > Domains would allow you to show the credentials for only the pertinent > hostnames, schemes, etc (e.g. github.com, ssh://). > 1) Add Domain > 2) Add a "hostname" specification for your repo > 3) Add your credential *inside* this domain. > > The net effect is that when users type this URL into Git, your credential > will show up. Another URL, and it goes away. > > NOTE: This doesn't meet what looks like your security requirements where > the Credentials don't show up for other users. > > > > I believe CloudBees folder plugin allows for folder-scoped credentials, > combined with Folder permissions (might be a CloudBees enterprise plugin), > you might be able to achieve what you want. > > I have not, however, played with this myself. > > > > Hope that helps, > -M > > > On Sat, Oct 11, 2014 at 6:18 AM, Mark Waite <[email protected] > <javascript:>> wrote: > >> Have you experimented with "Add domain" and assigned the credentials to >> the specific URI and scheme and port that you want to control? >> >> I'm not sure that will exactly match what you're trying to do, since I >> believe you're trying to prevent a user who has the permission to modify a >> job definition from changing the repository URL to use a different >> repository. If they change to use a different repository, I believe the >> credentials for that repository will be visible to them. I'm not fluent >> enough in the details of securing Jenkins to guide you further than "try >> the Add domain" capability. >> >> Mark Waite >> >> On Sat, Oct 11, 2014 at 6:37 AM, Johan <[email protected] >> <javascript:>> wrote: >> >>> Hi, >>> >>> Several of our projects have access to their own Git repository through >>> https. >>> For this they need to add credentials in the job config (Git plugin). >>> >>> But is seems only possible to add credentials at global level. Added >>> global credentials are shown in the credentials dropdownlistbox (Git >>> plugin) and are visible to everyone. >>> How can I make sure that credentials that are added by users of project >>> A are not visible and can not be used by users of project B? >>> >>> Thanks in advance. >>> >>> Regards, >>> Johan. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Jenkins Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected] <javascript:>. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Thanks! >> Mark Waite >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Matthew Moore > DI/Docker (aka Convoy) > Developer Infrastructure @ Google > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
