Credentials dropdown does not show newly created credentials

[karianna]

Attempted to add a new (Jenkins Credential Provider) Credentials but upon saving the new credential it does not appear in the Credentials dropdown.

Jenkins ver. 2.63 and GitHub Pull Request Builder 1.37.0 with plain credentials plugin 1.4 and Credentials plugin version 2.1.13

[karianna]

This is only true for when I create a api.github.com credential. When creating a global one this appears in the list.

[jmcardon]

@karianna +1 on this issue

[EkiGui]

I had the same issue when using an SSH based authentication, but it worked fine with Username/Password credentials.
Still, there's something going awry here...

[jitendrakhedar]

I am having the same issue. Can anyone provide me the solution?

[generatz]

@karianna Jenkins 2.73.3; in my experience with setting up the Jenkins system configuration for GitHub plugin, the credential "Kind" field must be "Secret text". I tried adding two or three other types of credentials, but they do not subsequently appear in the Credentials dropdown.
See "2. At Credential level" section discussion here:
https://support.cloudbees.com/hc/en-us/articles/224543927-GitHub-webhook-configuration

[theSupermacy]

This is happening to me also. Trying to add credentials with username and password. But it is not showing me the added credentials. Need Help!!

[RameshThangamuthu]

+1 for this issue

[RameshThangamuthu]

For me, When I create multi-branch pipeline and choose source type as Bitbucket, the Bitbucket Branch Source plugin does not list the credential of type "secret text" "SSH with user and private key"

[unlikelyzero]

The documentation needs to be updated to make it clear that 'Secret Text' cannot be used with this plugin -- it must be a username / password credential.

[neil-benn]

Me too; username/password is what I'm using but when you add credentials it doesn't get added to the drop down box. First time coming back to Jenkins after 5 years and it doesn't seem to have got any easier :(!

[RiaanLab]

+1

[jpswade]

Jenkins ver. 2.111

[lawrence615]

Anyone struggling with the issue of trying to add credentials with username and password but not showing the creds on the dropdown, try this it worked for me.

Jenkins > Credentials > System > Global Credentials (or whatever group you want to have access or your access allow) > Add Credentials.

Then go back to the Source Code Management section of the project, and select the credentials from the dropdown.

[ghost]

+1

[ghost]

Worked with Secret Text access when I generated a Personal API Token

[sophoulis]

Unfortunately when using BitBucket, the use of "SSH with user and private key" is still not possible. Although I can create the credentials, I cannot use them in the multi-branch pipeline

[theDevelopper]

I have the same issue when using BitBucket and "SSH with user and private key"

[ppamorim]

Still happening... Even doing what @lawrence615 says doesn't work for me...

[giorgenes]

+1

[ychaudhari]

same as @ppamorim... still happening for me in Jenkins v2.121... @lawrence615 's solution did not work unfortunately. I'm trying to add username/password credentials for subversion.

[ychaudhari]

looks like it is resolved for me.

It turns out the credentials show up in drop down when I select Scope as Global (Jenkins, nodes, items, all child items, etc) instead of System (Jenkins and nodes only) .

FYI, parameters that I selected are:
Domain: Global credentials (unrestricted)
Kind: Username with password
Scope: Global (Jenkins, nodes, items, all child items, etc)
Username:
Password:
ID:
Description:

Credentials showed up as soon as I added them from Jenkins Credentials Provider pop-up.

[NickyWeber]

+1

SSH credentials not showing up either.

Jenkins 2.122
Pullrequest Builder Plugin 1.4.26

[bbu23]

After wasting a lot of time, I found the missing step for my case:
After adding the credentials, you need navigate to /configure and scroll down to SSH remote hosts
Here, you need to add a new host and associate the newly created credentials.
I hope this helps !

[abobwhite]

@xtina23 I don't see that option under the configure page...

[aantillonl]

I had a situation also with ssh keys and the GitHub plugin for Jenkins, but before claiming that I "fixed it", lets consider that our issues might be in fact different problems that apparently look the same.

In fact my problem was quite silly. When you add an SSH user with private key credential, it will be listed in the format <user> <description> in the dropdown. Initially I thought my key was not being listed because it was not there by ID, or description, but turns out the listing format is just different to what i was looking for.

[babakx]

For me it seems the problem was that I had "Authorization" plugin installed and enabled for my project. The issue was fixed when I updated "Authorization Strategy" and set it to "Run as who Triggered Build".

[Phelibus]

same issue when using BitBucket and "SSH with user and private key"
jenkins 2.121.2

[AnishBAH]

To all who are still struggling with above, this is the solution (as of version 2.122):

• Navigate to Jenkins > Credentials > System > Global Credentials
• Add Credential
• Select Secret Text from dropdown menu
• Add description (name of account, reason, etc.)
• In secret text box, deposit your Github Personal Access Token (GPAT)
• Save and navigate back to Jenkins > Global Configuration
• Find your Github Server Access section and select your credentials from it, then click Test Connection

Your GPAT should automatically validate your account name & resources it has access to along with setting a rate limit for the API. Good luck.

[OrenAshkenazy]

Can someone please confirm it works for BitBucket and SSH Username with private key and what is the workaround?

[marcel-kondermann]

changed from chrome to firefox, then it worked for me

[olen2006]

Anyone struggling with the issue of trying to add credentials with username and password but not showing the creds on the dropdown, try this it worked for me.
Jenkins > Credentials > System > Global Credentials (or whatever group you want to have access or your access allow) > Add Credentials.
Then go back to the Source Code Management section of the project, and select the credentials from the dropdown.

Thank you a lot. That's worked for me.

I confirm, worked with SSH plugin, after I added users I was able to see them in a drop down menu.

[aaronmarkham]

The documentation needs to be updated to make it clear that 'Secret Text' cannot be used with this plugin -- it must be a username / password credential.

I had the opposite experience. Username/password would not appear after adding it, but secret text would - that holds the token, and the ID is my github ID.

[arnaudrichard]

For me it seems the problem was that I had "Authorization" plugin installed and enabled for my project. The issue was fixed when I updated "Authorization Strategy" and set it to "Run as who Triggered Build".

What I did:
I set the authorization strategy to "SYSTEM", then I configured the job with the proper credential , then I set the authorization strategy to whatever I needed ("specific user" in my case). In the job configuration, the GUI will be wrong but the credential previously set will be used when job is ran (as long as you don't touch the credential GUI).

[agbanagba]

Had the same issue and after 3 hours of trying SSH access and secret text. I ended up trying the username and password option and it worked. It should be specified in the docs that only username/password works.

[MohammedAbdelhady]

I had the same issue and I tried to disable my ads blocker plugin and reloaded the page and it worked just fine.

[luke-shepherd]

I'm having this issue as well. Jenkins version 2.204 plugin version 1.29.5.
I cannot get either user/pass or ssh key to show up after adding either on the global credentials page or on the configuration settings page. I can use secret text, though unfortunately this type doesn't fit my use case.

edit: I'd like to add that the dropdown only contains credentials of the type secret text. Any other type of credential, existing or new, will not show up in the drop down.

[AngryGami]

This entire problem is weird. List of credentials that you see in drop down is taken from following code (from git plugin in this case):

...
CredentialsProvider.listCredentials(
                    StandardUsernameCredentials.class,
                    context,
                    context instanceof Queue.Task
                            ? Tasks.getAuthenticationOf((Queue.Task) context)
                            : ACL.SYSTEM,
                    URIRequirementBuilder.fromUri(remote).build(),
                    GitClient.CREDENTIALS_MATCHER)
...

When configuration under "Manage Jenkins" -> "Configure Global Security" -> "Access Control for Builds" is set to either "anonymous" or "Run as specific user" the list above WILL be empty and when set to either "SYSTEM" or "Run as user who triggered the build" it WILL NOT be empty.
Another difference is in what Tasks.getAuthenticationOf returns: for "anonymous" and "specific user" it will return anonymous or user that you have configured. For other two cases it returns SYSTEM, but I'm not sure what "Run as user who triggered the build" would mean if build wasn't triggered even once yet (for me it returns SYSTEM).
Digging deeper why this behavior takes place I looked inside listCredentials method and there is a cycle there:

...
        for (CredentialsProvider provider : all()) {
            if (provider.isEnabled(itemGroup) && provider.isApplicable(type)) {
                try {
                    for (ListBoxModel.Option option : provider.getCredentialIds(
                            type, itemGroup, authentication, domainRequirements, matcher)
                            ) {
                        if (ids.add(option.value)) {
                            result.add(option);
                        }
                    }
                } catch (NoClassDefFoundError e) {
                    LOGGER.log(Level.FINE, "Could not retrieve provider credentials from " + provider
                            + " likely due to missing optional dependency", e);
                }
            }
        }
...

I decided to look what this cycle does and wrote short script that I can test in jenkins Script Console:

import hudson.model.queue.Tasks;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsResolver;
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;


def context = Jenkins.get().getItems()[1].getItems()[0]

println "Project name: ${context.name}"

def itemGroup = context
def authentication = context instanceof Queue.Task
		? Tasks.getAuthenticationOf((Queue.Task) context)
		: ACL.SYSTEM
def domainRequirements = URIRequirementBuilder.fromUri('here goes your git url').build();
def type = StandardUsernameCredentials.class


println "Project user: ${authentication.name}\n"


for (CredentialsProvider provider : CredentialsProvider.all()) {
  if (provider.isEnabled(context) && provider.isApplicable(StandardUsernameCredentials.class)) {
    def creds = provider.getCredentials(type, itemGroup, authentication, domainRequirements);
    println "provider: ${provider.getClass().getName()}"
    println "  returns credentials: ${creds}"
  }
}

I've run this script with different values of "Access Control for Builds" and here what I got:

For "SYSTEM"

Project name: ServiceA
Project user: SYSTEM

provider: io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanCredentialsProvider
  returns credentials: []
provider: com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider
  returns credentials: []
provider: com.cloudbees.plugins.credentials.SystemCredentialsProvider$ProviderImpl
  returns credentials: [com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey@18889b51]
provider: com.cloudbees.plugins.credentials.UserCredentialsProvider
  returns credentials: []

For "Run as user who triggered the build"

Project name: ServiceA
Project user: SYSTEM

provider: io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanCredentialsProvider
  returns credentials: []
provider: com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider
  returns credentials: []
provider: com.cloudbees.plugins.credentials.SystemCredentialsProvider$ProviderImpl
  returns credentials: [com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey@18889b51]
provider: com.cloudbees.plugins.credentials.UserCredentialsProvider
  returns credentials: []

For "anonymous"

Project name: ServiceA
Project user: anonymous

provider: io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanCredentialsProvider
  returns credentials: []
provider: com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider
  returns credentials: []
provider: com.cloudbees.plugins.credentials.SystemCredentialsProvider$ProviderImpl
  returns credentials: []
provider: com.cloudbees.plugins.credentials.UserCredentialsProvider
  returns credentials: []

For "Run as specific user"

Project name: ServiceA
Project user: admin

provider: io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanCredentialsProvider
  returns credentials: []
provider: com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider
  returns credentials: []
provider: com.cloudbees.plugins.credentials.SystemCredentialsProvider$ProviderImpl
  returns credentials: []
provider: com.cloudbees.plugins.credentials.UserCredentialsProvider
  returns credentials: []

As you can see any credentials at all returned only for cases "SYSTEM" and "Run as user who triggered the build" and in both cases are returned by SystemCredentialsProvider.
This provider will only return credentials if your current authentication (result of Tasks.getAuthenticationOf call, NOT your current login) is SYSTEM which is backed up by following code:

        public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> type, @Nullable ItemGroup itemGroup,
                                                              @Nullable Authentication authentication,
                                                              @NonNull List<DomainRequirement> domainRequirements) {
            if (ACL.SYSTEM.equals(authentication)) {
                CredentialsMatcher matcher = Jenkins.get() == itemGroup ? always() : not(withScope(SYSTEM));
                return DomainCredentials.getCredentials(SystemCredentialsProvider.getInstance()
                        .getDomainCredentialsMap(), type, domainRequirements, matcher);
            }
            return new ArrayList<C>();
        }

Very first line of this method checks authentication parameter being equal to ACL.SYSTEM and will be false for "anonymous" and "Run as specific user" options because Tasks.getAuthenticationOf result is NOT SYSTEM.
I think this is intentional behavior that is related to security. So SystemCredentialsProvider is dead end.
Then I noticed UserCredentialsProvider and thought that it might be a solution. This provider is responsible for returning credentials that are configured directly at user level (i.e. "People" -> <your user, 'admin' in my case> -> "Credentials")

And after I've added credentials like this voila:

Credentials are now visible in the list but of course only when "Access Control for Builds" is set "Run as specific user" and credentials are set at this "specific" user level. I don't know how to fix that for anonymous case.
Unfortunately there is no way you can define credentials like this using "Add" button, since it doesn't even provide such an option as "credentials for particular user".

[jonny7]

I have the same problem for Bitbucket + SSH Key also

[noeliajimenezg]

Hi
I resolved the issue selecting "Git" instead of "Github" and using the ssh URL from Github.
I didn't have any problem selecting the SSH private key credentials type.

[llmagicll]

If you want to use an API Token do not create a new credentials with a secret text but with username/password and use the token as your password !

More information here: https://stackoverflow.com/questions/48330402/secret-text-git-credentials-not-showing-up-in-jenkins-project-source-code-mana

Works for me like a charm 👍

This solution save my day

[prabhakar1990]

This is happening to me also. Trying to add credentials with username and password. But it is not showing me the added credentials. Need Help!!

[prabhakar1990]

This is happening to me also. Trying to add credentials with username and password. But it is not showing me the added credentials. Need Help!!

[newtorob]

Not sure if this is the same issue as others, but I know this is the plugin.

I am running into a very small credentials drop down, and I don't think it's actually pulling in my credentials.

This is what I am seeing.

I added the credentials beforehand and it was fine, I also added them in the job itself but they aren't showing up.

[sylvain-combe-sonarsource]

Same pb... I find it really difficult to understand how credentials are managed in Jenkins...

[Graham42]

More info if you're using the Authorize Project plugin

Once you switch jobs from running as SYSTEM you will encounter a feature of the Credentials API, namely that credentials are only exposed to specific authentications.

There is a permission within the Credentials plugin known as Credentials/UseItem. In order for an authentication to be able to resolve a credentials in either the root scoped store or a folder scoped store, that authentication must have the Credentials/UseItem permission.

By default the Credentials/UseItem permission is hidden and users receive this permission through implication by the Job/Configure permission. A Jenkins administrator can make the permission visible by defining the com.cloudbees.plugins.credentials.UseItemPermission system property with the value of true, e.g. by adding -Dcom.cloudbees.plugins.credentials.UseItemPermission=true to the Jenkins JVM start-up options.

Source: https://github.com/jenkinsci/credentials-plugin/blob/master/docs/user.adoc

[ntonx]

If you want to use an API Token do not create a new credentials with a secret text but with username/password and use the token as your password !
More information here: https://stackoverflow.com/questions/48330402/secret-text-git-credentials-not-showing-up-in-jenkins-project-source-code-mana
Works for me like a charm 👍

This solution save my day

Thanks , I lost much time until I saw this solutions! this works!!

[vejeta]

The documentation needs to be updated to make it clear that 'Secret Text' cannot be used with this plugin -- it must be a username / password credential.

I had the opposite experience. Username/password would not appear after adding it, but secret text would - that holds the token, and the ID is my github ID.

This solved it for me.

When configuring jenkins in /configure

Section: GitHub Servers.

When adding the credentials, using secret instead of username/password, it could be added.
Using my username as the ID.
I am using Jenkins: Jenkins ver. 2.222.3

Weird but true.

[sideokyou-ucla]

Okay. this will be your solution.

For the Github API call, you need to have a personal access token from Github.

Creating a personal access token -> https://github.com/settings/tokens/new

Once you create the token, register it as secret text then, test it. it will work.

[althummar]

Attempted to add a new (Jenkins Credential Provider) Credentials but upon saving the new credential it does not appear in the Credentials dropdown.

Jenkins ver. 2.63 and GitHub Pull Request Builder 1.37.0 with plain credentials plugin 1.4 and Credentials plugin version 2.1.13

Hi @karianna
I don't know whether or not you are able to find the solution for this Credential editing and not showing in SSH drop down menu. But I was facing the same issue but after following below steps I was able to see the new added credential to the drop down menu.

Under Mangae Jenkins > Manage credential > select Global (From Stores scoped to Jenkins) > Add Credential > Kind(SSH Username with private key) Scope (Global ...) Username and Add private key which you generated while creating remote ssh.

This worked for me hope this will work for you too or whoever is facing this problem. Thank you.

[karianna]

Thanks that's a useful workaround.

[cheeyeo]

When running the Jenkins Docker image I encountered the same issue when trying to Read Pipeline Script From SCM

It depends on the format of the git url

If you are using the https version of the URL then your credentials must have username of the github ID and the password set to the access token before it shows up.

If you are using the SSH version of the URL, then your credentials must have the username to be the github ID, password set to access token created, and the private key added.

The access token is meant to be a replacement for the password from my understanding.

Hope that helps.

[patbecich]

In Jenkins 2.263.1, this info box was helpful to me:

Credentials used to scan branches and pull requests, check out sources and mark commit statuses.

Note that only "username with password" credentials are supported. Existing credentials of other kinds will be filtered out. This is because Jenkins uses the GitHub API, which does not support other ways of authentication.

If none is given, only the public repositories will be scanned, and commit status will not be set on GitHub.

If your organization contains private repositories, then you need to specify a credential from a user who has access to those repositories. This is done by creating a "username with password" credential where the password is GitHub personal access tokens. The necessary scope is "repo".

(from GitHub Branch Source Plugin)

[anfxanfx]

This worked for me: https://blog.plee.me/2019/06/missing-credentials-in-dropdown-for-jenkins-build-configuration/
There's an obscure setting in Configure Global Security that enabled all the credential options to appear in the dropdown list.

[mirekphd]

This can be also a narrow-scoping problem: change the Credential's scope from System to Global and either Secret Text or User/Password variant should appear in the drop-box:).

[nikhilve99]

Attempted to add a new (Jenkins Credential Provider) Credentials but upon saving the new credential it does not appear in the Credentials dropdown.
Jenkins ver. 2.63 and GitHub Pull Request Builder 1.37.0 with plain credentials plugin 1.4 and Credentials plugin version 2.1.13

Hi @karianna
I don't know whether or not you are able to find the solution for this Credential editing and not showing in SSH drop down menu. But I was facing the same issue but after following below steps I was able to see the new added credential to the drop down menu.

Under Mangae Jenkins > Manage credential > select Global (From Stores scoped to Jenkins) > Add Credential > Kind(SSH Username with private key) Scope (Global ...) Username and Add private key which you generated while creating remote ssh.

This worked for me hope this will work for you too or whoever is facing this problem. Thank you.

thanks this solution works to me

[subhammisra45]

I am using Jenkins version 2.277.3. I wanted to clone my repo from Bitbucket, so I installed Bitbucket server integration plugin. In config page I provide instance URL and Personal access token and test connection result is successful. But in job configuration page, Bitbucket credential select dropdown isn't showing the previously added creds, even if it is set as Global scope. I tried to add the creds as secret text, username-password, but that didn't work too. Adding as a secret text job config page shows successful connection, but job build fails saying authentication unsuccessful .

[josefloressv]

According to the Jenkins Credentials Documentation

When the remote repository is accessed with the HTTP or HTTPS protocols, the plugin requires a username / password credential. Other credential types will not work with HTTP or HTTPS protocols.

When the remote repository is accessed with the ssh protocol, the plugin requires an ssh private key credential. Other credential types will not work with the ssh protocol.

For my hands-on lab, I used username/password and it's work!

[vcd195]

In Jenkins 2.263.1, this info box was helpful to me:

Credentials used to scan branches and pull requests, check out sources and mark commit statuses.
Note that only "username with password" credentials are supported. Existing credentials of other kinds will be filtered out. This is because Jenkins uses the GitHub API, which does not support other ways of authentication.
If none is given, only the public repositories will be scanned, and commit status will not be set on GitHub.
If your organization contains private repositories, then you need to specify a credential from a user who has access to those repositories. This is done by creating a "username with password" credential where the password is GitHub personal access tokens. The necessary scope is "repo".
(from GitHub Branch Source Plugin)

I tried the above solution - creating a "username with password" credential where the password is GitHub personal access tokens - and it worked , but I can't help thinking this is maybe not the best way. Has anyone tried this plug-in or womething similar? https://www.theserverside.com/tutorial/Use-the-Jenkins-OAuth-plug-in-to-securely-pull-from-GitHub

[jedallado]

I'm still getting this problem and only the "Secret text" kind worked for me. I've used my personal token under the secret text field.

[winterwd]

For me it seems the problem was that I had "Authorization" plugin installed and enabled for my project. The issue was fixed when I updated "Authorization Strategy" and set it to "Run as who Triggered Build".

nice