How to export credentials from one Jenkins instance to another?

一向 2020-12-13 20:35

I am using the credentials plugin in Jenkins to manage credentials for git and database access for my team's builds. I would like to copy the credentials from one jenkins i

5 answers
  • 2020-12-13 21:02

    This is what worked for me.

    Create a job in Jenkins that takes the credentials and writes them to output. If Jenkins replaces the password in the output with ****, just obfuscate it first (add a space between each character, reverse the characters, base64 encode it, etc.)

    I used a PowerShell job to base64 encode it:

    [convert]::ToBase64String([text.encoding]::Default.GetBytes($mysecret))
    

    And then used PowerShell to convert the base64 string back to a regular string:

    [text.encoding]::Default.GetString([convert]::FromBase64String("bXlzZWNyZXQ="))
    
  • 2020-12-13 21:02

    Did you try to copy the $JENKINS_HOME/users folder and the $JENKINS_HOME/credentials.xml file to the other Jenkins instance?

  • 2020-12-13 21:05

    I was also facing the same problem. What worked for me is I copied the credentials.xml, config.xml and the secrets folder from the existing Jenkins to the new instance. After the restart of Jenkins things worked fine.

  • 2020-12-13 21:13

    After trying quite a few things for several days, this is the best solution I found for migrating my secrets from a Jenkins 2.176 to a new clean Jenkins 2.249.1: jenkins-cli was the best approach for me.

    The process is quite simple: just dump the credentials from the old instance to a local machine, or Docker pod with Java installed, as an XML file (unencrypted) and then upload it to the new instance.

    Before starting you should verify the following:

    • Access to the credentials section on both Jenkins instances
    • Download the jenkins-cli.jar from one of the instances (https://www.your-jenkins-url.com/cli/)
    • Have User and Password/Token at hand.

    Notice: In case your Jenkins uses an OAuth service, you will need to create a token for your user. Once logged into Jenkins, if you click your profile at the top right you can verify both username and generate password.

    Now for the special sauce, you have to execute both parts from the same machine/pod:

    Notice: If your instances are using valid Certificates and you want to secure your connection you must remove the -noCertificateCheck flag from both commands.


    # OLD JENKINS DUMP #

    export USER=madox@example.com
    export TOKEN=f561banana6ead83b587a4a8799c12c307
    export SERVER=https://old-jenkins-url.com/

    # The dump holds unencrypted secrets: create it readable by the current user only
    umask 077
    java -jar jenkins-cli.jar -noCertificateCheck -s "$SERVER" -auth "$USER:$TOKEN" list-credentials-as-xml "system::system::jenkins" > /tmp/jenkins_credentials.xml


    # NEW JENKINS IMPORT #

    export USER=admin
    export TOKEN=admin
    export SERVER=https://new-jenkins-url.com/

    # Feed the dumped XML to the new instance on stdin
    java -jar jenkins-cli.jar -noCertificateCheck -s "$SERVER" -auth "$USER:$TOKEN" import-credentials-as-xml "system::system::jenkins" < /tmp/jenkins_credentials.xml

  • 2020-12-13 21:16

    UPDATE: TL;DR: Follow the link provided below in a comment by Filip Stachowiak; it is the easiest way to do it. In case it doesn't work for you, go on reading.

    Copying the $HUDSON_HOME/credentials.xml is not the solution because Jenkins encrypts passwords and these can't be decrypted by another instance unless both share a common key.

    So, either you use the same encryption keys in both Jenkins instances (Where's the encryption key stored in Jenkins?) or what you can do is:

    1. Create the same user/password, you need to share, in the 2nd Jenkins instance so that a valid password is generated
    2. What is really important is that user ids in both credentials.xml are the same. For that (see the credentials.xml example below) for user: Jenkins the identifier <id>c4855f57-5107-4b69-97fd-298e56a9977d</id> must be the same in both credentials.xml

      <com.cloudbees.plugins.credentials.SystemCredentialsProvider plugin="credentials@1.22">
        <domainCredentialsMap class="hudson.util.CopyOnWriteMap$Hash">
          <entry>
            <com.cloudbees.plugins.credentials.domains.Domain>
              <specifications/>
            </com.cloudbees.plugins.credentials.domains.Domain>
            <java.util.concurrent.CopyOnWriteArrayList>                
              <com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl>
                <scope>GLOBAL</scope>
                <id>c4855f57-5107-4b69-97fd-298e56a9977d</id>
                <description>Para SVN</description>
                <username>jenkins</username>
                <password>J1ztA2vSXHbm60k5PjLl5jg70ZooSFKF+kRAo08UVts=    
                </password>                        
              </com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl>
            </java.util.concurrent.CopyOnWriteArrayList>
          </entry>
        </domainCredentialsMap>
      </com.cloudbees.plugins.credentials.SystemCredentialsProvider>
      
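A pre-migration check for the point in the last answer that credential ids must match in both credentials.xml files, as an added example that is not part of the original answers: it reports ids missing on the target and entries whose encrypted value was copied unchanged, which per that answer can only be decrypted when both instances share the key. The `db-prod` and `git-deploy` entries and every ciphertext string are constructed sample data; only the UUID comes from the answer's XML.

```python
import xml.etree.ElementTree as ET

UPW = "com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl"

def sample(*creds):
    """Build a constructed credentials.xml from (id, username, ciphertext) tuples."""
    items = "".join(
        f"<{UPW}><scope>GLOBAL</scope><id>{i}</id><username>{u}</username>"
        f"<password>{p}</password></{UPW}>" for i, u, p in creds)
    return ("<com.cloudbees.plugins.credentials.SystemCredentialsProvider>"
            "<domainCredentialsMap><entry>"
            f"<java.util.concurrent.CopyOnWriteArrayList>{items}"
            "</java.util.concurrent.CopyOnWriteArrayList>"
            "</entry></domainCredentialsMap>"
            "</com.cloudbees.plugins.credentials.SystemCredentialsProvider>")

def load(xml_text):
    """Map credential id -> (class name, username, stored ciphertext)."""
    creds = {}
    for el in ET.fromstring(xml_text).iter():
        cid = el.findtext("id")  # only credential entries carry a direct <id> child
        if cid is not None:
            creds[cid.strip()] = (el.tag,
                                  (el.findtext("username") or "").strip(),
                                  (el.findtext("password") or "").strip())
    return creds

def compare(source_xml, target_xml):
    """Return (id, problem) pairs that would break jobs referencing the id."""
    src, dst = load(source_xml), load(target_xml)
    findings = []
    for cid, (cls, user, secret) in sorted(src.items()):
        if cid not in dst:
            findings.append((cid, "missing on target"))
            continue
        dcls, duser, dsecret = dst[cid]
        if dcls != cls:
            findings.append((cid, "credential type differs"))
        if duser != user:
            findings.append((cid, "username differs"))
        if secret and dsecret == secret:
            findings.append((cid, "ciphertext copied verbatim; needs shared key"))
    return findings

PAGE_ID = "c4855f57-5107-4b69-97fd-298e56a9977d"  # id shown in the answer's XML
# Constructed sample data: OLD is the source instance, NEW the target.
OLD = sample((PAGE_ID, "jenkins", "old-blob-1"), ("db-prod", "app", "old-blob-2"),
             ("git-deploy", "ci", "old-blob-3"))
NEW = sample((PAGE_ID, "jenkins", "new-blob-1"), ("db-prod", "app", "old-blob-2"))
```

For real instances, pass the contents of the two credentials.xml files to `compare()`; an empty result means every source id exists on the target with a re-encrypted value.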