Credentials action missing from job item sidebar after upgrading CloudBees CI

Last Reviewed:2026-07-03()
2 minute readKnowledge base

Issue

After upgrading CloudBees CI to version 2.528.x, the Credentials action is no longer visible in the job-level sidebar on managed controllers and client controllers. Attempting to access credentials at the job item level results in the following error:

Access Denied <username> is missing the Credentials/View

Credentials remain accessible at the Project or Global scope but are not visible when navigating to an individual job item.

Cause

The Credentials Plugin distinguishes between consuming credentials and managing them. Under the standard security model, credentials are managed at the System or Folder level; individual jobs utilize credentials but do not have a management context of their own. As a result, the Credentials action is not exposed in the job-level sidebar by default.

This UI inconsistency was introduced in a plugin update bundled with the CloudBees CI 2.528.x upgrade and has been addressed in Credentials Plugin version 1453.v9b_a_29777a_b_fd.

Resolution

The Credentials Plugin version is managed by the CloudBees Assurance Program (CAP), so a direct plugin update through the Plugin Manager is not available. Choose one of the following options:

Option 1 – Upgrade CloudBees CI:

Upgrade to a CloudBees CI release 2.541.1.35570 or newer that bundle Credentials Plugin version newer than 1453.v9b_a_29777a_b_fd.

Option 2 – Use a Beekeeper Plugin Exception:

Beekeeper plugin exceptions allow you to override the CAP-managed version of a plugin by defining the exception in a plugin catalog file. Refer to Add Beekeeper plugin exceptions for prerequisites and important considerations before proceeding.

  1. Create or update a plugin catalog file (for example, plugin-catalog.json) to include a beekeeperExceptions entry for the Credentials Plugin:

    { "type": "plugin-catalog", "version": "1", "name": "credentials-exception", "displayName": "Credentials Exception", "configurations": [ { "description": "Credentials plugin Beekeeper exception", "beekeeperExceptions": { "credentials": { "version": "1453.v9b_a_29777a_b_fd" } } } ] }
  2. Install the plugin catalog on the operations center. Refer to Add a plugin catalog.

  3. From the operations center, select the arrow next to the target controller and select Configure.

  4. Under Plugin Catalog, select Allow exceptions.

  5. Select Specify a plugin catalog for this controller.

  6. In Catalog, select the plugin catalog created in step 1.

  7. Select Check Validity and confirm that "The catalog is compatible with the controller" is returned.

  8. Select Save.

Beekeeper plugin exceptions bypass CAP verification. Plugins may not work together as expected, and you do not receive full CloudBees support for unverified configurations. Return to the CAP-approved version as soon as you can upgrade CloudBees CI.

References

If the Conjur Secrets Plugin is installed on the controller, the Credentials action continues to appear in the job-level sidebar as a side effect of that plugin’s sidebar contribution, regardless of the Credentials Plugin version installed. This is specific to the Conjur Secrets Plugin and does not represent a fix for the underlying issue.
This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.