Configuring Folder-Specific Credentials

This topic describes how to store credentials in a specific folder in Jenkins so that only authorized users can access those credentials. The topic also describes how to give users folder-level permissions to the folder that contains the credentials.

You must install the Role-Based Strategy in Jenkins. By using the Role-Based Strategy plugin, you can effectively manage folder-level access and permissions for credentials, ensuring secure and organized credential management.

Configuring folder-level access involves setting up appropriate folder-level roles and permissions in Jenkins and assigning those roles to users.

To configure folder-specific credentials:

  1. In Jenkins, create the folder where you want to store the credentials.

  2. From the Jenkins Dashboard, navigate to the created folder and then navigate to Credentials > Folder > Global credentials.

  3. On the folder-specific Global credentials page, create a credential to store the Secret Server application account username and password or create a credential resolver configuration.

    For detailed instructions on how to create a credential, see Creating a Credential for the Secret Server Application Account in Jenkins(begin from step 3). For detailed instructions on how to create a credential resolver configuration, see Creating a Credential Resolver Configuration (begin from step 3).

  4. Install the Role-Based Strategy plugin:

    1. Navigate to Manage Jenkins > Plugins > Available plugins.

    2. Search for Role-Based Strategy and install the displayed plugin.

  5. Enable role-based strategy:

    1. Go to Manage Jenkins > Security.

    2. In the Authorization list, select the Role-Based Strategy option.

    3. Select Save.

  6. Set up the folder-level roles and permissions:

    1. Navigate to Manage Jenkins > Manage and Assign Roles > Manage Roles.

    2. Under the Global roles section, select Add to create a new role and assign it to the Overall > Read permission.

      The image below shows example roles "roleforTestUser1" and "roleforTestUser2."

    3. Under the Item roles section, assign the roles at least the Create Credentials permission and other required permissions (for example, Read, Build, Configure) and specify folder patterns in the Pattern column to apply them to specific folders.

      The folder pattern must match the folder name. The image below shows the folder patterns for example "AppUser1" and "AppUser2" folders.

    4. Select Save.

  7. Assign the roles to users or groups:

    1. Navigate to Manage Jenkins > Manage and Assign Roles > Assign Roles.

    2. Assign the roles to users or groups as needed.

    3. Select Save to save the role assignments to users or groups.

    Now only the users and groups that have these folder-level roles can access the secrets stored in the folder.