Within a jenkins pipeline I use username and password in plain text several times. I know that through the cedential plugin I can hide the password, but my problem is that the jenkins server and all the software devops are on an LDAP managed domain. For security issues the user password is changed every 30 days and I have the problem of updating the password within the pipeline. I would like that every time I change the password I don’t have to remodify the pipeline, probably the credential plugin can handle this but I don’t know how to do it. What is the correct way to handle this? not being an expert in jenkins I would be grateful if someone could give me detailed directions.
Why do you need to change the pipeline?
It should be sufficient to change the credential in Jenkins. Go to
Manage Jenkins -> Manage credentials -> select your credential -> update
and enter the new password.
Oh my good, your IT guys are paranoid
thanks for the reply. actually i would like this intervention to be automatic as well. there doesn’t have to be someone to open jenkins and update the credentials. I would like it to be automatic. And the problem is that for security reasons I can’t create a user that has a password that never expires.
yes, they are paranoid
Ideally, the credentials should not have to be manually specified by user and password but should be taken from the ldap domain.
I think ldap doesn’t store passwords itself only password hashes so fetching the password from ldap is not possible. How do you change the password in ldap currently? Is that automated already? Then this automation can probably also take care of updating the credential in Jenkins. One idea would be to create a freestyle job that has the password as parameter that runs some system groovy which will update the password.