Credential Management
Credentials are objects that contain sensitive information, such as usernames and passwords, SSH keys, and tokens. When a DevOps pipeline runs, it interacts with objects in the external environment to perform a series of tasks, including pulling code, pushing and pulling images, and running scripts. This process requires providing corresponding credentials, and these credentials will not appear in plain text in the pipeline.
DevOps project users with the necessary permissions can configure credentials for Jenkins pipelines. After users add or configure these credentials in a DevOps project, they can use these credentials to interact with third-party applications within the DevOps project.
Currently, you can create the following types of credentials in a DevOps project:
- Username and password: Username and password, which can be handled as separate components or as a colon-separated string (in the format username:password), such as GitHub and GitLab accounts.
- SSH key: Username with a private key, SSH public/private key pair.
- Access token: Token with access permissions.
- kubeconfig: Used for configuring cross-cluster authentication.
This document demonstrates how to create and manage credentials in a DevOps project. For more information on how to use credentials, please refer to Create a Pipeline Using Jenkinsfile and Create a Pipeline Using the Graphical Editing Panel.
Prerequisites
- The DevOps extension must be installed and enabled on the KubeSphere platform.
- A workspace, a DevOps project, and a user (e.g., project-regular) have been created, and the user has been invited to the DevOps project and granted the operator role. Please refer to Invite a User to a DevOps Project.
Create a Credential
- Log in to the KubeSphere console as the project-regular user and enter your workspace.
- Click DevOps > Credentials in the left navigation pane.
- Select a DevOps project from the drop-down list in the upper left corner of the page.
- Click Create on the page.
- In the pop-up Create Credential dialog box, enter the credential name and select the credential type. Different credential types require different parameters to be set. Please refer to the following content for details.
- Create a Username and Password Credential

Taking the creation of a GitHub user credential as an example, set the following parameters:

| Parameter | Description |
|---|---|
| Name | Set the credential name, such as github-id. |
| Type | Select Username and password. |
| Username | Enter your GitHub username. |
| Password/Token | Enter your GitHub token. |
| Description | A brief introduction to the credential. |

Note: Since August 2021, GitHub requires the use of token-based authentication. You need to enter a token here, not your GitHub password. For information on how to generate a token, please refer to Creating a personal access token.

Note: If your account or password contains special characters, such as @ and $, it may cause errors during pipeline execution because they cannot be recognized. In this case, you need to first encode your account or password on some third-party websites (e.g., urlencoder), and then copy and paste the output result as your credential information.

- Create an SSH Key Credential

| Parameter | Description |
|---|---|
| Name | Set the credential name. |
| Type | Select SSH key. |
| Username | Enter your username. |
| Private Key | Enter your SSH key. |
| Passphrase | Enter a passphrase. To better protect your account security, it is recommended to set this parameter. |
| Description | A brief introduction to the credential. |

- Create an Access Token Credential

| Parameter | Description |
|---|---|
| Name | Set the credential name. |
| Type | Select Access token. |
| Token | Enter your token. |
| Description | A brief introduction to the credential. |

- Create a kubeconfig Credential

| Parameter | Description |
|---|---|
| Name | Set the credential name, for example, demo-kubeconfig. |
| Type | Select kubeconfig. |
| Content | The system automatically retrieves the content of the kubeconfig file for the current Kubernetes cluster and automatically populates this field. You do not need to make any changes. However, when accessing other clusters, you may need to modify the kubeconfig. |
| Description | A brief introduction to the credential. |

Note: The file used to configure cluster access is called a kubeconfig file. This is a general way to refer to configuration files. For more information, please refer to Kubernetes official documentation.
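
For the Note on special characters in the Username and Password section above: the percent-encoding it calls for can also be produced locally, so the username and token are typed into a prompt on your own machine and checked before you paste them into the credential form. This is an added example, not part of the KubeSphere documentation or code; the function names and the sample host github.com are assumptions of the example.

```python
import getpass
from urllib.parse import quote, unquote, urlsplit


def encode_secret(value: str) -> str:
    """Percent-encode every reserved character ("@" -> %40, "$" -> %24)."""
    # safe="" also escapes "/" and ":", which quote() leaves alone by default.
    return quote(value, safe="")


def changed_characters(value: str) -> list:
    """Characters in value that encoding rewrites, in first-seen order."""
    seen = []
    for ch in value:
        if quote(ch, safe="") != ch and ch not in seen:
            seen.append(ch)
    return seen


def round_trips(username: str, secret: str, host: str = "github.com") -> bool:
    """Build an HTTPS URL from the encoded pair and confirm that a URL parser
    recovers the host and the original values unchanged."""
    url = f"https://{encode_secret(username)}:{encode_secret(secret)}@{host}/"
    parts = urlsplit(url)
    return (parts.hostname == host
            and unquote(parts.username or "") == username
            and unquote(parts.password or "") == secret)


if __name__ == "__main__":
    user = input("Username: ")
    # getpass keeps the secret off the screen and out of shell history.
    secret = getpass.getpass("Password/Token (not echoed): ")
    if not round_trips(user, secret):
        raise SystemExit("encoded value does not round-trip; not using it")
    print("Characters rewritten:", changed_characters(user + secret) or "none")
    print("Username field:      ", encode_secret(user))
    print("Password/Token field:", encode_secret(secret))
```

If no characters are rewritten, the value needs no encoding and can be entered as it is.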
View and Manage Credentials
- Click on a created credential to enter its details page, where you can view the credential details and all events related to this credential.
- Click Operation > Edit to modify the credential information, or click Operation > Delete to delete the credential.
Note: When editing a credential, KubeSphere does not display the existing password/token information. If you enter a new password/token, the previous one will be overwritten.