Jenkins | Restricting Credentials dropdown-list of other users to currently logged-in user under SCM[Git]

Hi All,

We have installed Jenkins 2.319.1 and are running it on the Master-Agent architecture. In this application, we are managing multiple teams that use our centralized Jenkins application.

Currently, we are facing the below challenges w.r.t. visibility of credentials, as explained in the scenario:

  • When we are configuring a job under a pipeline project and trying to use Git as the SCM, under Credentials the logged-in user is able to see the list of all available user credentials in a drop-down list, which should not be the case. It’s a security issue as multiple teams are involved here.

Kindly let us know how to restrict the credentials drop-down list to the currently logged-in user (i.e., logged-in users should be able to see their own credentials but not others’).

Thanks,
Spandana K

Hi there,

As a reminder, the term “slave” to refer to an agent has been deprecated since 2016. Please refer to On Jenkins Terminology Updates for more details. We request you update your post.

Thanks,
Gavin Mogan

Are you saying a given user can see other users’ credentials? If so, please follow Reporting Security Vulnerabilities and report it to the security team.

If you’re saying you want only credentials attached to the user to show, then I’m not sure what is stopping you from doing that.

Gavin, I want to know the configuration steps to hide the other users’ credentials in the dropdown under the SCM pipeline.
Please find the screenshot below where I am able to see all credentials which should not be the case.

Do you mean credentials that people add to their user account? (ex https://ci.jenkins.io/user/halkeye/credentials/)

Or users’ credentials added to the global credential management?

Cause if the first, then it’s a bug in the git plugin and should be properly reported and fixed.

But if it’s the second, there’s no way to filter them out, by design.

@MarkEWaite might be able to explain a bit better

One technique that I’ve seen has been to define the credentials on a folder and then block user access to that folder. It assures that only those with permission to access the folder can use the credentials that are defined on the folder.

That assumes you’ve defined your permissions with enough granularity that you can block specific users from specific folders.

There may be other ways, but that’s the one that I have seen most often.

Thank you so much, it is working.
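
To check the folder-scoped setup described above, the following script for the Jenkins script console lists which credentials sit in the global store and which sit in folder stores, and reports whether given users can read each such folder. It is an added example, not part of the thread or of any plugin's own code. The user ids `alice` and `bob` are hypothetical placeholders, and it assumes the Folders and Credentials plugins are installed.

```groovy
// Added example: audit where credentials are defined and who can reach them.
import jenkins.model.Jenkins
import hudson.model.Item
import hudson.model.User
import com.cloudbees.hudson.plugins.folder.AbstractFolder
import com.cloudbees.plugins.credentials.CredentialsProvider
import com.cloudbees.plugins.credentials.common.IdCredentials

// Hypothetical user ids (assumption); replace with accounts from your instance.
def usersToCheck = ['alice', 'bob']

// Return the ids of credentials held directly in the store attached to `context`
// (stores inherited from parent contexts are filtered out).
def idsIn = { context ->
    CredentialsProvider.lookupStores(context)
        .findAll { it.context.is(context) }
        .collectMany { store -> store.domains.collectMany { store.getCredentials(it) } }
        .findAll { it instanceof IdCredentials }
        .collect { it.id }
}

def jenkins = Jenkins.get()

// Credentials here are not scoped to any folder, so folder permissions do not hide them.
println "Global store: ${idsIn(jenkins)}"

// Credentials defined on a folder are only usable by those who can access the folder.
jenkins.getAllItems(AbstractFolder).each { folder ->
    def ids = idsIn(folder)
    if (!ids) return                       // folder defines no credentials of its own
    println "Folder '${folder.fullName}': ${ids}"
    usersToCheck.each { id ->
        def user = User.getById(id, false) // false: do not create the user if missing
        if (user == null) {
            println "  ${id}: no such user"
            return
        }
        // Evaluate the folder ACL as that user without switching the current session.
        def canRead = folder.getACL().hasPermission2(user.impersonate2(), Item.READ)
        println "  ${id}: Item/Read on folder = ${canRead}"
    }
}
```

A team's credentials that still appear under "Global store" have not been moved into a folder, and a user outside the team who shows `Item/Read on folder = true` has not been blocked from it.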