1. Introduction

Jenkins allows us to configure credentials for interacting with third-party applications like Git repository hosting services. Once configured accordingly, we can add the credentials to our pipeline, allowing our Jenkins server to gain access to such third-party services.

In this tutorial, we’ll demonstrate how to do a git checkout with credentials in a Jenkins pipeline.

2. Creating Git Credentials in Jenkins

To create credentials in Jenkins, we’ll log into our Jenkins dashboard. Once we’re in, we’ll follow a few simple steps.

2.1. Navigating to the “Global Credentials” Screen

Before we can add credentials to Jenkins, we first need to navigate to the global credentials screen.

  • Click on “Manage Jenkins”:

Manage Jenkins menu

  • Under the “Security” menu, we’ll click on “Credentials”:

Credentials under Security menu

  • Then, under the “Stores scoped to Jenkins” menu, we’ll click on “System”:

Stores scoped to Jenkins field

  • From the ensuing page, we’ll click on “Global credentials (unrestricted)”:

Global Credentials Unrestricted link under Jenkins System Credentials

  • Finally, we’ll click on the “+ Add Credentials” button at the upper right section of the page:

Add Credentials button

2.2. Creating a Username With Password Credential

Upon clicking the “+ Add Credentials” button, the link will direct us to a page with multiple input fields:

A blank credentials page

The first is a dropdown field labeled “Kind”. In this field, we’ll select the kind of credential we want to create. For a Git repository hosting service, we can use “Username with password” or “SSH Username with private key” credentials. In this section, we’ll opt for “Username with password”.

After selecting the kind of credential, we’ll select its scope. The scope is basically the range of environments in which we can use the credential. By default, we have two options: Global and System. We’ll leave ours as “Global”.

In the “Username” field, we’ll enter our username — we may choose to treat the username as a secret. Then, in the “Password” field, we’ll enter the personal access token or password to our Git repository.

Here, we have the option of specifying an ID in the ID field. But, note that if we don’t specify an ID, the system will generate one. Since we’ll need the ID later when using the credentials in our pipeline, it’s better that we specify it. That way, we can readily recollect and use the ID in the pipeline.

Lastly, we could write a description in the “Description” field. But then, we may also leave it blank.

After filling in all the required fields, we’ll click on “Create” to create the credential:

A filled Jenkins credentials page

2.3. Creating an SSH Username With Private Key Credential

If we’d rather use SSH secrets to gain access to our Git repository, we’ll have to create a Jenkins “SSH Username with private key” credential. But before we do that, we’ll generate SSH keys on our Jenkins server:

$ ssh-keygen

After generating the SSH keys, we’ll add the public key to our remote Git repository account. For GitHub, we can add the public key by clicking on our profile photo, then on Settings > SSH and GPG Keys > New SSH Key.

When we’re done adding the public key to our Git account, we’ll create an SSH credential in Jenkins. To do this, we’ll repeat the five steps highlighted by the bullet points above.

Next, we’ll select “SSH Username with private key” from the options in the “Kind” dropdown menu. Then, we’ll choose a scope:

SSH credentials with private key in Jenkins

In the ID field, we can specify our desired ID for the credential. But if we don’t, Jenkins will generate an ID.

We may leave the “Description” field blank.

In the “Username” field, we’ll add our SSH username for the Git repository. As mentioned in the previous section, we may choose to treat the username as a secret.

Moving to the next step, we’ll click on the “Enter directly” radio button under “Private Key”. Then, from the ensuing field, we’ll click on the “Add” button:

Private key field of an SSH credential

Next, we’ll enter the private SSH key we generated in the provided field:

Private key input field of an SSH credential

We could leave the “Passphrase” field empty. Then, after filling all the necessary fields, we’ll click the “Create” button:

passphrase field of an SSH credential and Create button

3. Running git checkout With Credentials in a Jenkins Pipeline

To use Git credentials as described below, we must install the Jenkins Git plugin first. Once we’re done with that, we can create a pipeline that runs a git checkout with credentials:

#!/usr/bin/env groovy
pipeline {
    agent any
    stages {
        stage('Git Checkout') {
            steps {
                script {
                    git branch: 'main',
                        credentialsId: 'Credential ID',
                        url: 'https://github.com/username/repository.git'
                }
            }
        }
    }
}

In place of Credential ID, we’ll use the ID value we specified in the previous section. Then, for the url, we’ll write the HTTP address of the repository we want to check out. Of course, we can replace main with a branch of our choice.

We can use the same pipeline syntax with an SSH credential, but instead of using the repository’s HTTP URL, we’ll use its SSH URL:

#!/usr/bin/env groovy
pipeline {
...truncated...
                    git branch: 'main',
                        credentialsId: 'Credential ID',
                        url: '[email protected]/username/repository.git'
...truncated...
}

When doing a git checkout using SSH credentials, we have to add the public key fingerprint of the remote Git repository to our Jenkins server’s “known_hosts” file. Alternatively, we could use one of the other Git host verification strategies such as “Accept first connection”.

If the host key verification is not correctly configured, the git checkout will fail. For instance, if the host verification strategy is set to “Known hosts” but the repository’s public key fingerprint is not in the Jenkins server’s “known_hosts” file, host verification will fail.

4. Conclusion

In this article, we went over how to create Jenkins credentials. Then, we talked about how to do a git checkout using SSH and username-password credentials.

While demonstrating how to do a git checkout with SSH credentials, we emphasized the need to correctly configure the host key verification strategy to ensure success.