How to git pull with adding credentials SECURELY in bash or Jenkins pipeline

Question

I want to git pull a project in GitLab via bash in Jenkins pipeline. It looks something like this:

pipeline {
    agent any
    stages {
        stage('build') {
            steps {
                git branch: 'develop',
                    credentialsId: '12345-123-123123-1f54-123141e67c',
                    url: 'ssh://git@gitlab.blabla:PORT/group/project.git'
                
                sh 'cd /var/www/project/'
                sh 'git pull origin develop'
            }
        }
    }

}

But it requires inserting a username and password for every request. I find out about adding the credentials using these ways that stated in this SO discussion.

But using git config credential.helper will store the credentials in plain text which is it is not safe. And also cloning the project with the username and password in the git URL like this https://user:pass@domain/repo is also not safe.

Is there any way to do it securely?

Answer 1

Sure. You can:

        stage('Cloning git repository') {
            steps {
                script {
                    checkout([$class: 'GitSCM', branches: [[name: '*/dev']], extensions: [[$class: 'RelativeTargetDirectory', relativeTargetDir: 'my-repository']], userRemoteConfigs: [[credentialsId: 'MY_GIT_CREDENTIAL', url: 'https://github.com/user/my-repository.git']]])
                    
                }
            }
        }

Then just cd my-repository. You don't need to do that through a sh step. Jenkins will hand credentials through the checkout() step. You can use SSH keys or username and password stored into Jenkins credentials with that.

Best regards.