< img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=3131724&fmt=gif" />

Credential Management

Credentials are objects that contain sensitive information, such as usernames and passwords, SSH keys, and tokens. When the DevOps pipeline runs, it interacts with objects in the external environment to perform a series of tasks, including pulling code, pushing and pulling images, and running scripts. During this process, corresponding credentials are required, and these credentials will not appear in plain text in the pipeline.

DevOps project users with the necessary permissions can configure credentials for Jenkins pipelines. After users add or configure these credentials in the DevOps project, they can use these credentials in the DevOps project to interact with third-party applications.

Currently, you can create the following types of credentials in a DevOps project:

  • Username and password: A username and password, which can be handled as separate components or as a colon-separated string (in the format username:password), such as GitHub and GitLab accounts.

  • SSH key: A username with a private key, an SSH public/private key pair.

  • Access token: A token with access permissions.

  • kubeconfig: Used to configure cross-cluster authentication.

This document demonstrates how to create and manage credentials in a DevOps project. For more information on how to use credentials, see Create a Pipeline Using a Jenkinsfile and Create a Pipeline Using Graphical Editing Panels.

Prerequisites

  • DevOps must have been installed and enabled.

  • A workspace, a DevOps project, and a user (e.g. project-regular) have been created, and the user has been invited to the DevOps project with the operator role. See Role and Member Management.

Create Credentials

  1. Log in to the KubeSphere web console as the project-regular user.

  2. Click Workspace Management and enter your DevOps project.

  3. In the left navigation pane, select DevOps Project Settings > Credentials.

  4. On the Credentials page, click Create.

  5. In the Create Credential dialog that appears, enter a credential name and select a credential type. Different credential types require different parameters to be set. Please refer to the following content for details.

    • Create a username and password credential

      Taking creating a GitHub user credential as an example, you need to set the following parameters:

      ParameterDescription

      Name

      Set the credential name, such as github-id.

      Type

      Select Username and password.

      Username

      Enter your GitHub username.

      Password/Token

      Enter your GitHub token.

      Description

      An introduction to the credential.

      Note
      • Since August 2021, GitHub requires token-based authentication. Here you need to enter the token instead of the GitHub password. For information on how to generate a token, see Create a Personal Access Token.

      • If your account or password contains special characters such as @ and $, errors may occur during pipeline runs due to unrecognized characters. In such cases, encode your account or password on a third-party website (e.g., urlencoder) and then copy and paste the encoded result as your credential information.

    • Create an SSH key credential

      ParameterDescription

      Name

      Set the credential name.

      Type

      Select SSH key.

      Username

      Enter your username.

      Private Key

      Enter your SSH key.

      Passphrase

      Enter the passphrase. It is recommended to set this parameter for better account security.

      Description

      An introduction to the credential.

    • Create an access token credential

      ParameterDescription

      Name

      Set the credential name.

      Type

      Select Access token.

      Token

      Enter your token.

      Description

      An introduction to the credential.

    • Create a kubeconfig credential

      ParameterDescription

      Name

      Set the credential name, such as demo-kubeconfig.

      Type

      Select kubeconfig.

      Content

      The system automatically obtains the kubeconfig file content of the current Kubernetes cluster and automatically fills in this field. You do not need to make any changes. However, when accessing other clusters, you may need to change the kubeconfig.

      Description

      An introduction to the credential.

      Note

      The file used to configure cluster access is called a kubeconfig file. This is a generic way to reference the configuration file. For more information, see Kubernetes Documentation.

View and Manage Credentials

  1. Click the created credential to enter its detail page and view the credential details and all events related to this credential.

  2. Click Edit to modify the credential information, and click Delete to delete the credential.

    Note

    When editing credentials, KubeSphere does not display the existing username or password information. If you enter a new username and password, the previous one will be overwritten.

Receive the latest news, articles and updates from KubeSphere


Thanks for the feedback. If you have a specific question about how to use KubeSphere, ask it on Slack. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.