Hi all,
I have teams (eng & prod) that share the same folder in Jenkins. they are using the same pipeline, which takes as param some credentials (credID= variable_${env} where env can be prod or eng). I have created two credential domains inside the folder, Eng-secrets & Prod-secrets. Knowing that I use role based access control, is there a way to restrict access to credentials in a way eng team will access only Eng-secrets credentials domain, and prod team will access only Prod-secrets credentials domain.
Thank you.
Create roles for your teams: In Jenkins, go to “Manage Jenkins > Security > Authentication > Authorization > Role-Based Strategy” and click save.
Go to “Manage Jenkins > Manage and Assign Roles”. Here, you can create roles for your teams (e.g., eng and prod) and assign them the necessary permissions.
Assign roles to your teams: In the “Assign Roles” on the left, you can assign the roles you created to the users or groups that correspond to your teams.
Restrict access to credentials: In the credentials plugin, you can restrict access to credentials based on roles. Go to “Manage Jenkins > Credentials” > “System” > “Global credentials (unrestricted)”. Here, you can create a new domain for each team (e.g., Eng-secrets and Prod-secrets) and restrict access to these domains based on the roles you created.
Hi Bruno,
Thank you for your reply.
I went under "Global credentials (unrestricted), and I did not found the option to create a new domain. I’m only able to create a new credential there. Am I missing something?