The task given to me is “we don’t want two developers to access each other’s passwords from the Jenkins credential store”.
So before I put my hacker hat on and create a custom bulletproof system… what’s possible in Jenkins natively and is there any existing plugin that will give me any level of this?
I don’t know if this can help, but I found something that may or may not interest you:
The Folders plugin allows to limit the scope of credentials to a specific folder.
If you’re fine with restricting access of different users to different folders (e.g., with the Role Strategy plugin), then this could be a solution.
Just create the folder, enter the folder, then select the “Credentials” link on the sidebar. A new link should appear called “Folder” click that and then define your credentials. Jobs in other folders will not be able to use those.
Per user credentials should probably be added to the user not globally. Then you could use something like a credential parameter to select a credential at build time which would include any global credentials, folder credentials, and that specific users credentials