View Azure Credentials on the plugin site for more information.
Azure Credentials Plugin
Jenkins plugin to manage Azure credentials.
It supports the following Azure credential types:
- Azure Service Principal, with the following authentication mechanism:
- Client secret
- Certificate (Add the certificate to Jenkins credentials store and reference it in the Azure Service Principal configuration)
- Azure Managed Service Identity (MSI)
- Credentials In Azure Key Vault
Using Azure credentials in your own Jenkins plugin
Update your project POM file to reference
azure-credentialsplugin and necessary dependencies:
Add the credential selector in the
Build the Azure client from the credential
Getting an iterator to all SYSTEM owned Azure Credentials
Using AzureCredentials in the job (freestyle / pipeline)
Custom binding for AzureCredentials to support reading Azure service principal in both freestyle and pipeline using Credentials Binding plugin.
In freestyle jobs, click
Use secret text(s) or file(s) in the
Build Environment in the configuration page and add a
Microsoft Azure Service Principal item, which allows you add credential bindings where the Variable value will be used as the name of the environment variable that your build can use to access the value of the credential. With the default variable names you can reference the service principal as the following:
In pipelines, there're two ways to construct this binding:
With defaults, which will read specified service principal into four predefined environment variables:
AZURE_TENANT_ID. Sample pipeline code:
With custom name, where you can control the names of the variables. Sample pipeline code:
Version 1.6.1, 2019-03-29
- Support managed identities for Azure resources
Version 1.6.0, 2018-03-29
- Use scoped credentials lookup
Version 1.5.0, 2018-02-09
- Support for certificate based service principal
- Fix the configuration verification bug on non-global clouds
Version 1.4.0, 2017-12-21
- Support Environment selection for MSI credentials
Version 1.3.1, 2017-11-27
- Disable plugin first class loader to fix remote class loading issue before Jenkins 2.66.
PluginFirstClassLoader#findResource returns null which causes ClassNotFoundException on remote class loading from slave to master.
Version 1.3, 2017-11-03
- Support for Azure KeyVault credentials
- Support for MSI credentials
- Upgrade Azure SDK dependency to version 1.3.0
- Add Third Party Notices
Version 1.2, 2017-06-19
- Improve credential creation experience:
- Change subscription ID, client ID and OAuth Endpoint from secret to plain text.
- Give OAuth Endpoint a default value to make it easier to compose from tenant ID.
Add a custom binding for AzureCredentials so that you can use Azure service principal in Credentials Binding plugin.
Now in a Jenkins pipeline you can retrieve Azure service principal and use it in Azure CLI using the following code:
You can also use Azure service principal in freestyle project by checking "Use secret text(s) or file(s)".
Version 1.1, 2017-06-02
- Bug fix: fix an issue that tenant is corrupted after update an existing credential.
Version 1.0, 2017-03-08
- Initial release