Performance issues caused by the Fingerprinting of Credentials Usage

Article ID:360055304192
2 minute readKnowledge base


  • Jenkins shows disk space issues although the disk holding $JENKINS_HOME is not full: No space left on device
        at Method)
        at hudson.util.AtomicFileWriter.<init>(
  • Jenkins' builds and navigation is slowed down, and a thread dump shows several threads BLOCKED or WAITING like the following:

        at hudson.XmlFile.write(
        - eliminated <0x00007f2ec6c47108> (a hudson.model.Fingerprint)
        at hudson.model.Fingerprint.add(
        - eliminated <0x00007f2ec6c47108> (a hudson.model.Fingerprint)
        at hudson.model.Fingerprint.addFor(
        - locked <0x00007f2ec6c47108> (a hudson.model.Fingerprint)
        at com.cloudbees.plugins.credentials.CredentialsProvider.trackAll(
        at com.cloudbees.plugins.credentials.CredentialsProvider.track(


The fingerprinting of credentials used for tracking credentials usage can cause a very large number of files to be created under $JENKINS_HOME/fingerprints. To check if you are out of inodes, run df -i and check the %iused column for any mounts at 100% used.

  • A command like find $JENKINS_HOME/fingerprints -name *.xml -ctime -1 -exec tar -rf recent_inodes.tar {} \; can be used to find all fingerprint files created within the last day.

  • A command like find $JENKINS_HOME/fingerprints -name *.xml -mtime -1 -exec tar -rf recent_inodes.tar {} \; can be used to find all fingerprint files modified within the last day.

In most cases, it causes inodes usage spikes. It could well reveals itself as lock contention on from com.cloudbees.plugins.credentials.CredentialsProvider.trackAll.


If impacted by this issue, make sure you run version 2.3.5 or later of the Credentials plugin. Then disable the fingerprinting for credentials tracking by executing the script com.cloudbees.plugins.credentials.CredentialsProvider.FINGERPRINT_ENABLED=false in Manage Jenkins  Script Console. To make the change persistent, add the system property -DCredentialsProvider.fingerprintEnabled=false on start up. See How to add Java arguments to Jenkins.

By disabling the fingerprinting of credentials, the functionality that tracks credentials usage is disabled (this functionality allows a user with access to the credentials page to check what job / build has used a specific credentials recently).