How to Fetch Multiple Credentials and Expose them in Environment using Jenkinsfile pipeline

October 07, 2022

Introduction

In this post, we will see how to fetch multiple credentials and expose them in environment variable.

Jenkinsfile Stage to Fetch Single Credential

There are many types of credentials that can be stored in Jenkins. The most commonly used is the username/password one.

Lets take an example of a stage, where I need to authenticate against an artifactory server.

stages {
  stage('Install requirements') {
      steps {
          withCredentials([[
              $class: 'UsernamePasswordMultiBinding',
              credentialsId: 'MY_API_KEY',
              usernameVariable: 'ARTIFACTORY_USERNAME',
              passwordVariable: 'ARTIFACTORY_PASSWORD']
          ]) {
              sh """
              python3.8 -m pip install virtualenv
              python3.8 -m venv python_env
              source python_env/bin/activate
              python3.8 -m pip install --upgrade pip
              python3.8 -m pip install -r requirements.txt -i https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_PASSWORD}@artifactory.myorg.com/artifactory/api/pypi/pypi-myorg-release/simple

              deactivate
              """
          }
      } 
  }
}

In above Jenkinsfile, I’m reading credentials from a stored credential in Jenkin with id MY_API_KEY and exposing the username in variable: ARTIFACTORY_USERNAME, and password in variable: ARTIFACTORY_PASSWORD

Jenkinsfile Stage to Fetch Multiple Credentials

There are many cases, where I need to read more than one credentials,

stage('Run deployer') {
  steps {
      echo 'Deploying Artifacts to k8s Env...'

      withCredentials([
          [$class: 'UsernamePasswordMultiBinding', 
          credentialsId:"AZURE_SERVICE_SECRET",
              usernameVariable: 'AZURE_SERVICE_USERNAME', 
              passwordVariable: 'AZURE_SERVICE_SECRET'],
          [$class: 'UsernamePasswordMultiBinding', credentialsId:"MY_API_KEY",
              usernameVariable: 'ARTIFACTORY_USERNAME', 
              passwordVariable: 'ARTIFACTORY_PASSWORD']
      ]) {
          sh """
              sudo curl -LO "https://dl.k8s.io/release/v1.25.2/bin/linux/amd64/kubectl"
              sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
              kubectl version --client

              echo "deploy to env=${params.DeployEnv}, artifact=${params.ArtifactId}, version=${params.Version}"
              
              echo "Preparing runtime env..."
              python3.8 -m pip install virtualenv
              python3.8 -m venv python_env
              source python_env/bin/activate
              python3.8 -m pip install --upgrade pip
              python3.8 -m pip install -r requirements.txt -i https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_PASSWORD}@artifactory.myorg.com/artifactory/api/pypi/pypi-myorg-release/simple

              echo "Ready to run deployment..."
              python3.8 deploy.py "${params.DeployEnv}" "${params.ArtifactId}" "${params.Version}" "./ethos_deployment"

              deactivate
          """
      }
  }
}

The syntax is the same, it is just that I’ve used multiple credentials id and usage will be the same.

cicdbuildjenkinsgroovypython

Similar Posts

Latest Posts