How to find an agent secret key remotely?

Article ID:222520647
2 minute readKnowledge base

Issue

I have created an agent, and I would like to dynamically retrieve the secret key to start up the agent.

Resolution

Only users with a certain level of permissions can retrieve this information:

  • as a non-administrator user, a solution is to download the jenkins-agent.jnlp and parse it to get the secret

  • as a administrator, a solution is to run a groovy script using the Jenkins CLI or the Jenkins REST API

For any users

You can download the "jenkins-agent.jnlp" file at $NODE_URL/jenkins-agent.jnlp. This file contains XML content that includes the secret.

You can use curl to download this file for a particular agent, and extract the first argument under <application-desc><argument>. This can be done with curl and sed:

curl -L -s -u ${USER}:${API_TOKEN} ${CONTROLLER_URL}/computer/${AGENT_NAME}/jenkins-agent.jnlp | sed "s/.*<application-desc><argument>\([a-z0-9]*\).*/\1\n/"

With the following variables:

Variable Description

USER

A user with permissions to view nodes

API_TOKEN

API token of the user

CONTROLLER_URL

The url of your controller

AGENT_NAME

The name of the agent

Other solutions can be used to download the file and extract the secret.
The user must have the permission Agent/Connect to run this curl command successfully.
Connecting dedicated agents via -jnlpUrl is deprecated as of Jenkins LTS 2.437 (changelog). However, this method of retrieving the agent secret via $NODE_URL/jenkins-agent.jnlp is still valid.

For administrators only

As an administrator, another solution is to use the Jenkins Script Console. The Jenkins CLI or the Jenkins REST API can also be used to execute script remotely.

controller agents

To get the secret of a controller agent, the following script can be used:

jenkins.model.Jenkins.getInstance().getComputer("$NODE_NAME").getJnlpMac()

operations center shared agents

To get the secret of a Shared Agent, the following script can be used - in the Jenkins Script Console of the operations center:

def sharedAgent = Jenkins.getInstance().getItems(com.cloudbees.opscenter.server.model.SharedSlave.class) .find { it.launcher != null && it.launcher.class.name == 'com.cloudbees.opscenter.server.jnlp.slave.JocJnlpSlaveLauncher' && it.name == "shared-agent"} return sharedAgent?.launcher.getJnlpMac(sharedAgent)

See also: