Attaching credentials in deployment automation

On this page

When modeling an application or microservice, you can attach credentials these ways:

  • For credentials, attach one or more credentials to component, application, or microservice process steps.

  • For credentials for impersonation, attach only one impersonation credential to these objects:

    • Component process

    • Component process step

    • application or microservice process

    • Application or microservice process step

When you deploy the application or microservice, CloudBees Flow applies the credentials based on the user permissions and deploys the application or microservice in one or more environments.


This example describes how to define roles and privileges when an application or microservice is deployed to more than one environment and specific users are limited to specific environments.

You can attach impersonation credentials to an application or microservice in the GUI. The application or microservice has these credentials:

  • Development (dev)

  • Quality Engineering (qe)

  • Production (prod)

Users have these privileges:

  • User A is allowed to deploy the application or microservice to build a MyQSQL database in any environment and has admin privileges.

  • User B is allowed to only deploy the application or microservice in the quality (qa) environments and is not trusted in the development (dev) and production(prod) environments.

The following user permissions determine what users are allowed to do in CloudBees Flow.You can configure these credentials only from the GUI.

  • You configure User A’s profile in the automation platform and give User A higher-order privileges than other users. User A has the following credentials, including a credential for impersonation:

    For each environment in CloudBees Flow, set a property using a reference such as $[myEnvironment/dbConfigName] and define a unique value, which can be passed as a credential to a process or process step. In the development (dev) environment, set dbConfigName = dbUser_dev. In the quality engineering (qe) environment, set dbConfigName = dbUser_qa. ** In the production (prod) environment, set dbConfigName = dbUser_prod.

  • When you configure User B’s profile in the automation platform, User B is only given the credentials to deploy in the quality (qa) environment. You do not need to set properties to be passed as credentials when the application or microservice is deployed.

Attaching the same credentials from the automation platform is more complicated. Instead of setting only one credential for User A and one for User B, you need to create three unique credentials for the environments in addition to credentials for the various user and environment combinations, such as User A and the development environment.

Copyright © 2010-2020 CloudBees, Inc.Online version published by CloudBees, Inc. under the Creative Commons Attribution-ShareAlike 4.0 license.CloudBees and CloudBees DevOptics are registered trademarks and CloudBees Core, CloudBees Flow, CloudBees Flow Deploy, CloudBees Flow DevOps Insight, CloudBees Flow DevOps Foresight, CloudBees Flow Release, CloudBees Accelerator, CloudBees Accelerator ElectricInsight, CloudBees Accelerator Electric Make, CloudBees CodeShip, CloudBees Jenkins Enterprise, CloudBees Jenkins Platform, CloudBees Jenkins Operations Center, and DEV@cloud are trademarks of CloudBees, Inc. Most CloudBees products are commonly referred to by their short names — Accelerator, Automation Platform, Flow, Deploy, Foresight, Release, Insight, and eMake — throughout various types of CloudBees product-specific documentation. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Jenkins is a registered trademark of the non-profit Software in the Public Interest organization. Used with permission. See here for more info about the Jenkins project. The registered trademark Jenkins® is used pursuant to a sublicense from the Jenkins project and Software in the Public Interest, Inc. Read more at Apache, Apache Ant, Apache Maven, Ant and Maven are trademarks of The Apache Software Foundation. Used with permission. No endorsement by The Apache Software Foundation is implied by the use of these marks.Other names may be trademarks of their respective owners. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this content, and CloudBees was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this content, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.