The Jenkins credentials-binding plugin provides a convenient way to securely store secrets like usernames/passwords in Jenkins. You can even inject these secrets into build steps as environmental variables in a job like this:

For a username/password pair, the plugin will inject the pair as a single value joined by :. You can split the credentials into their respective parts using bash string manipulation operators like % and #.

Assuming you configured the job to inject a variable named CREDENTIALS, you can do:

1
2
3
4
5
6

USERNAME=${CREDENTIALS%:*}
PASSWORD=${CREDENTIALS#*:}

# proof of concept - don't echo this in real life :)
echo USERNAME=$USERNAME
echo USERNAME=$PASSWORD