Bitbucket Branch Source credentials missing from dropdown for slow credential providers

Last Reviewed:2026-03-25()
2 minute readKnowledge base

Issue

After upgrading to version 937.2.3 or newer of the Bitbucket Branch Source plugin plugin (CloudBees CI 2.541.1.35570 or newer), credentials using external secret providers such as Hashicorp Vault no longer appear in the credentials dropdown when configuring:

  • Bitbucket Endpoints under Manage Jenkins  System  Bitbucket Endpoints

  • Multibranch Pipeline jobs under Branch Sources  Credentials

  • Organization Folder items under Repository Sources  Credentials

This affects credential types that query external services to resolve secrets, including:

  • Vault username/password credentials (vaultUsernamePassword)

  • Vault secret text credentials (vaultSecretText)

  • Other credential providers with network latency

Environment

Related Issue(s)

Explanation

Version 937.2.3 introduced a denylist mechanism that removes credential types from the selection dropdown if they take too long to resolve secrets. This was designed to prevent Jenkins UI pages from timing out when many credentials exist, but it adversely affects legitimate credential providers that query external services like Hashicorp Vault.

The plugin uses a timeout threshold to determine credential availability (250 milliseconds by default). When a credential provider exceeds this threshold (typically due to network latency when querying external secret managers), the entire credential type is removed from the available options.

Resolution

No permanent fix is available. See Workaround below.

Workaround

Increase the credential resolution timeout by setting a system property.

Option 1: Via startup arguments

Add the following to your Jenkins startup arguments:

-Dbitbucket.credentials.resolutionTimeout=<value_in_milliseconds>

Replace <value_in_milliseconds> with an appropriate timeout value (e.g., 5000 for 5 seconds).

Restart CloudBees CI for the change to take full effect.

Option 2: Via Script Console

  1. Navigate to Manage Jenkins  Script Console

  2. Run the following script:

    System.setProperty("bitbucket.credentials.resolutionTimeout", "<value_in_milliseconds>")
com.cloudbees.jenkins.plugins.bitbucket.util.BitbucketCredentialsUtils.resetBlacklist()

    Replace <value_in_milliseconds> with an appropriate timeout value.

Setting the property via Script Console is temporary and will be lost after a restart unless also configured in startup arguments.

References

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.