Beta

Certified Jenkins Engineer

Jenkins Administration and Monitoring Part 1

Demo Jenkins Folder Part 2

In this guide, we’ll extend our Jenkins folder hierarchy by creating a new team-b folder under shared-infrastructure and then add a pipeline to illustrate how folder-scoped credentials are inherited (or not).

1. Create the team-b Folder and Pipeline

  1. In Jenkins UI, navigate to shared-infrastructure.
  2. Click New Item, enter team-b, select Folder, and hit OK.
  3. Inside team-b, click New Item again, name it team-b-pipeline, choose Pipeline, then OK.
  4. Under PipelineDefinition, point to the same Jenkinsfile:
pipeline {
    agent any
    environment {
        SHARED_DB_CREDS = credentials('shared-db-creds')
        TEAM_A_CREDS   = credentials('team-a-creds')
    }
    stages {
        stage('Accessing Credentials') {
            steps {
                script {
                    echo "Username from Shared-Folder Credentials: ${SHARED_DB_CREDS_USR}"
                    echo "Username from Team-A folder Credentials: ${TEAM_A_CREDS_USR}"
                }
            }
        }
    }
    post {
        success { echo "Build completed successfully" }
        failure { echo "Build failed" }
    }
}

Note

Jenkins uses folder-based permission checks to isolate credentials. Anything defined in a parent folder is inherited by its subfolders.

2. Trigger the Pipeline

Click Build Now on team-b-pipeline. The job will start but ultimately fail:

2.1 Console Output

Started by user siddharth
[Pipelines] Start of Pipeline
[Pipelines] node
Running on Jenkins in /var/lib/jenkins/workspace/shared-infrastructure/team-b/team-b-pipeline
[Pipelines] {
[Pipelines]   stage
[Pipelines]     (Accessing Credentials)
[Pipelines]   { ... }
[Pipelines]   // stage
[Pipelines]   End of Pipeline
ERROR: team-a-creds
Finished: FAILURE

Warning

team-b-pipeline cannot retrieve team-a-creds. Credentials scoped to team-a are invisible to team-b, which is a sibling folder.

3. Understanding Folder-Scoped Credential Inheritance

Credential LocationVisible To
shared-infrastructureteam-a, team-b (and any subfolders)
team-aItems in team-a only
team-bItems in team-b only
  1. Shared folder credentials (shared-db-creds) are inherited by all child folders.
  2. Folder-specific credentials (team-a-creds) only apply within their own folder.

This clear separation ensures that sensitive data remains scoped to the appropriate teams.

Thank you for following this demonstration on Jenkins folder-scoped credential inheritance!

Watch Video

Watch video content

Previous
Demo Jenkins Folder Part 1
Next
Demo Jenkins Folder Part 3