search

jenkinsci / jfrog-plugin

The Jenkins JFrog Plugin allows for easy integration between Jenkins and the JFrog Platform.
https://github.com/jfrog/jenkins-jfrog-plugin
Apache License 2.0
11 stars 27 forks source link

Use system credential instead of global one #31

Open tim-goto opened 4 months ago

tim-goto commented 4 months ago

Describe the bug

the plugin currently only accepts global credentials that are available to all jenkins users/jobs/.. This poses a security risk as this credential can be read by any user. Instead the plugin should be able to accept a system credential which can only be accessed by jenkins administrators

Current behavior

see above

Reproduction steps

No response

Expected behavior

No response

JFrog plugin version

1.5.0

JFrog CLI version

2.56.1

Operating system type and version

linux

JFrog Artifactory version

No response

JFrog Xray version

No response

yahavi commented 3 months ago

@tim-goto

Thank you for using the Jenkins JFrog plugin!

This plugin is supposed to support system-scoped credentials. You can see that the plugin reads them here: https://github.com/jfrog/jenkins-jfrog-plugin/blob/jfrog-1.5.0/src/main/java/io/jenkins/plugins/jfrog/plugins/PluginsUtils.java#L68

Could you please double-check to verify that it is not supported? The credentials should be set in the "JFrog Plugin Configuration" section: image