[JENKINS-32641] Confusing credentials configuration for GitHub Server Config

[jenkins-infra-bot]

• Create a username / password credential.
• Go to Configure System / GitHub Plugin Configuration
• Add a GitHub Server Config

EB: The created credential appears in the Credentials combo.
AB: Only none is included.

Add a username / password credential from the "Add" button in the same GitHub Server Config

EB: The new credential is added to the global config and appears in the combo.
AB: The new credential is added to the global config but does not appear in the combo.

---

Originally reported by andresrc, imported from: Confusing credentials configuration for GitHub Server Config

• assignee: lanwen
• status: Reopened
• priority: Minor
• component(s): github-plugin
• label(s): ux
• resolution: Unresolved
• votes: 0
• watchers: 3
• imported: 2025-12-08

Raw content of original issue

• Create a username / password credential.
• Go to Configure System / GitHub Plugin Configuration
• Add a GitHub Server Config

EB: The created credential appears in the Credentials combo. AB: Only none is included.

Add a username / password credential from the "Add" button in the same GitHub Server Config

EB: The new credential is added to the global config and appears in the combo. AB: The new credential is added to the global config but does not appear in the combo.

environment

Core 1.642.1<br/>
GitHub Plugin versions 1.14 and 1.16

[jenkins-infra-bot]

integer:

• Original comment link
• Raw content of original comment:

  Have you tried to use tokens? Using login/password is strongly not recommended. For converting login/password UI has helper. 
  

Have you tried to use tokens? Using login/password is strongly not recommended. For converting login/password UI has helper.

[jenkins-infra-bot]

lanwen:

• Original comment link
• Raw content of original comment:

  please read the doc on wiki and help in front of creds field.
  You can use only tokens to connect to GH in this plugin.
  
  Also, you can automatically convert your login+password creds to token creds with help of "Manage Additional GH Actions"
  

please read the doc on wiki and help in front of creds field.
You can use only tokens to connect to GH in this plugin.

Also, you can automatically convert your login+password creds to token creds with help of "Manage Additional GH Actions"

[jenkins-infra-bot]

andresrc:

• Original comment link
• Raw content of original comment:

  Hi!,
  
  I'm using username / password using a GitHub Personal Access Token instead of the password. With the PAT included in a "Secret Text" credential it works.
  Is this the intended behavior? That is username / password (even if not using the password) is not only not recommended but not supported?
  
  Thanks!
  

Hi!,

I'm using username / password using a GitHub Personal Access Token instead of the password. With the PAT included in a "Secret Text" credential it works.
Is this the intended behavior? That is username / password (even if not using the password) is not only not recommended but not supported?

Thanks!

[jenkins-infra-bot]

lanwen:

• Original comment link
• Raw content of original comment:

  Yep, it uses oauth to talk with GH, not the basic auth, so only token is supported.
  
  Basic auth can be used only to create new token.
  

Yep, it uses oauth to talk with GH, not the basic auth, so only token is supported.

Basic auth can be used only to create new token.

[jenkins-infra-bot]

ssbarnea:

• Original comment link
• Raw content of original comment:

  This bug should be reopen because the current behaviour is very confusing. The way tokens are used by everyone is that they are used instead of passwords.
  
  Still, even after adding github credentials into jenkins (users, and token as password), the ui does not list them and does not give any indication why. The result is a very poor user experience.
  

This bug should be reopen because the current behaviour is very confusing. The way tokens are used by everyone is that they are used instead of passwords.

Still, even after adding github credentials into jenkins (users, and token as password), the ui does not list them and does not give any indication why. The result is a very poor user experience.

[jenkins-infra-bot]

integer:

• Original comment link
• Raw content of original comment:

  Does credentials-plugin allows limit the number of type available for creation from add button? If not, then issue will be closed as won't fix because it known credentials-plugin pure api.
  

Does credentials-plugin allows limit the number of type available for creation from add button? If not, then issue will be closed as won't fix because it known credentials-plugin pure api.

[jenkins-infra-bot]

ssbarnea:

• Original comment link
• Raw content of original comment:

  integer, yes it does support filtering because that's even why the dropdown is empty by default, even if you already have user/password credentials configured.
  
  The amount of actions needed for configuring GitHub takes ridiculous level. Once the user is reaching the "GitHub Server Config" section in the config, not only that he faces an empty credentials dropdown but in order to add the missing credential-tokens, he needs to scroll to the Advanced button, scroll down again to reach the "Additional Actions" button, and click the only action there which helps him generate the tokens.
  
  I bet that over 50% of the users do need to google in order to be able to configure the credentials, probably spending half-an-hour for something that should take ten seconds.
  
  I raised this bug after googling for the solution the 3rd time in one year. Yes, even after reading the solution, you will forget it sooner or later.
  
  Regarding difference between token and password. I doubt there is one real difference between tokens and passwords. As far as I know tokens are just "special passwords", login process (api calls) being the same as using a plain password. I am not sure about GitLab, but I am sure about other systems that allow tokens, including Jenkins itself.
  
   
  

integer, yes it does support filtering because that's even why the dropdown is empty by default, even if you already have user/password credentials configured.

The amount of actions needed for configuring GitHub takes ridiculous level. Once the user is reaching the "GitHub Server Config" section in the config, not only that he faces an empty credentials dropdown but in order to add the missing credential-tokens, he needs to scroll to the Advanced button, scroll down again to reach the "Additional Actions" button, and click the only action there which helps him generate the tokens.

I bet that over 50% of the users do need to google in order to be able to configure the credentials, probably spending half-an-hour for something that should take ten seconds.

I raised this bug after googling for the solution the 3rd time in one year. Yes, even after reading the solution, you will forget it sooner or later.

Regarding difference between token and password. I doubt there is one real difference between tokens and passwords. As far as I know tokens are just "special passwords", login process (api calls) being the same as using a plain password. I am not sure about GitLab, but I am sure about other systems that allow tokens, including Jenkins itself.

 

[jenkins-infra-bot]

leemeador:

• Original comment link
• Raw content of original comment:

  All the instructions I found by googling tell me to use the "add credentials" section that is somewhat below where you enter the credentials so you have to read the part below the selection point for credentials to see how to add one.
  
  But, because of the way our enterprise GitHub is secured, the two add credentials options always fail with a permission error from GitHub. (There isn't any help for how to enter the correct URL of any GitHub other than public GitHub.
  
  Further, the "add" button right beside the credentials dropdown is worthless because a) it defaults to a userid/password credential instead of the needed "secret text" credential that could work and b) there is no indication of what to enter as the "secret text". (And I still don't know what that would be.)
  

All the instructions I found by googling tell me to use the "add credentials" section that is somewhat below where you enter the credentials so you have to read the part below the selection point for credentials to see how to add one.

But, because of the way our enterprise GitHub is secured, the two add credentials options always fail with a permission error from GitHub. (There isn't any help for how to enter the correct URL of any GitHub other than public GitHub.

Further, the "add" button right beside the credentials dropdown is worthless because a) it defaults to a userid/password credential instead of the needed "secret text" credential that could work and b) there is no indication of what to enter as the "secret text". (And I still don't know what that would be.)