How to debug Jenkins Forgotten Credentials.

 

Double-click on the image to zoom-out ...Larger.

To return to Home page: Refresh Page or Take ESC Button on Keyboard.

How to debug Jenkins forgotten credentials.

If you’ve forgotten credentials stored in Jenkins, you can retrieve or reset them using various methods depending on access level.

1. Check Jenkins Credentials Store (If You Have Access)

1. Navigate to Credentials Manager

   • Go to Jenkins Dashboard > Manage Jenkins > Manage Credentials
   • Expand relevant credentials domains (e.g., "Global credentials")
   • Click on the credential entry to see details (some may be masked)

2. Use Script Console to Retrieve Credentials (Admin Access Required)

   • Navigate to Manage Jenkins > Script Console
   • Run the following Groovy script:

     # groovy-script
     
     import jenkins.model.*
     import com.cloudbees.plugins.credentials.*
     import com.cloudbees.plugins.credentials.domains.*
     
     def creds = Jenkins.instance.getExtensionList('com.cloudbees.plugins.credentials.SystemCredentialsProvider')[0].credentials
     creds.each { c -> println("${c.id} => ${c.username ?: 'N/A'} : ${c.password ?: c.secret ?: 'Cannot display'}") }
     

   • This will list stored credentials (masked passwords may not be recoverable).

2. Reset Credentials (If Recovery Is Not Possible)

a. Reset Jenkins Admin Password

If you forgot the admin password:

1. Check Initial Password File (For First-Time Login)

   sudo cat /var/lib/jenkins/secrets/initialAdminPassword
   

2. Reset Password (For Local Users)
   • Stop Jenkins:

     sudo systemctl stop jenkins
     

   • Edit config.xml: 
   • sudo find /-name jenkins/config.xml 
   • /var/lib/jenkins/config.xml

   • sudo nano /var/lib/jenkins/config.xml
     

     Find:

     # config.xml
     
     <useSecurity>true</useSecurity>
     

     Change it to:

     # config.xml
     
     <useSecurity>false</useSecurity>
     

   • Restart Jenkins:

     sudo systemctl start jenkins
     

   • Log in without authentication, reset the password, and re-enable security.

b. Reset Git Credentials

1. Check Stored Git Credentials in Jenkins

   cat /var/lib/jenkins/.git-credentials
   

2. Reset GitHub/GitLab Access Token
   • Visit your repository host (GitHub/GitLab/Bitbucket).
   • Regenerate a new Personal Access Token (PAT).
   • Update it in Jenkins under Manage Credentials.

c. Reset SSH Keys

If Jenkins uses SSH for Git or server connections:

• Check stored keys

  
  ls -la /var/lib/jenkins/.ssh/
  

• Regenerate a new key (if missing)

  ssh-keygen -t rsa -b 4096 -C "jenkins@example.com"
  

• Add the new key to GitHub/GitLab
  • Copy and add the public key:

    cat ~/.ssh/id_rsa.pub
    

d. Reset Docker or Kubernetes Credentials

• Docker Credentials:

  cat ~/.docker/config.json
  

  If authentication fails, re-login:

  docker login -u <username> -p <password>
  

• Kubernetes Credentials:

  kubectl config view
  

  If expired, refresh tokens or get a new kubeconfig.

3. Enable Jenkins Logging for Debugging

• View logs for credential errors:

  sudo journalctl -u jenkins -f
  

• Increase log verbosity in Manage Jenkins > System Log.

Prevention Tips

Use a password manager to store credentials.
Enable SSH key authentication instead of passwords.
Regularly rotate secrets and update them in Jenkins.
Use environment variables instead of hardcoding credentials in pipelines.