Skip to content

Folder credentials silently removed after JCasC reload in Jenkins 2.541.x (worked in 2.528.3) #26407

New issue
New issue
Open
Bug
Open
Folder credentials silently removed after JCasC reload in Jenkins 2.541.x (worked in 2.528.3)#26407
Bug
@pradhan567

Description

@pradhan567
pradhan567
opened on Mar 5, 2026

Jenkins and plugins versions report

Environment

  • Jenkins: 2.541.1 / 2.541.2 (LTS)
  • configuration-as-code: 2006.v001a_2ca_6b_574
  • cloudbees-folder: 6.1053.vd62fb_b_f7367b_
  • job-dsl: 1.84

Previously working with:

  • Jenkins: 2.528.3
  • cloudbees-folder: 6.1040.v8a_e6330a_54e3

Operating System

Linux (production Jenkins server)

Issue Description

After upgrading Jenkins from 2.528.3 to 2.541.x, manually added folder credentials are being silently removed during a JCasC reload. This was not the behavior in 2.528.3.

There is no warning or error in the logs — the credentials simply disappear.

What Operating System are you using (both controller, and any agents involved in the problem)?

Ubuntu

Reproduction steps

  1. Start Jenkins 2.528.3 with a JCasC configuration that defines a folder with folderLibraries but does not define folderCredentialsProperty.
jobs:
  - script: >
      folder('test-folder'){
        properties {
          folderLibraries {
            libraries {
              libraryConfiguration {
                name("my-library")
                retriever {
                  modernSCM {
                    scm {
                      git {
                        remote("https://github.com/example/repo.git")
                        credentialsId("my-cred")
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }

  1. Manually add a credential to test-folder:

  2. Navigate to: test-folder → Credentials → Folder → Add Credentials

  3. Add a username/password credential with ID manual-cred

  4. Trigger JCasC reload:
    Manage Jenkins → Configuration as Code → Reload existing configuration

  5. On Jenkins 2.528.3
    Confirm that manual-cred is still present in test-folder

  6. Upgrade Jenkins to 2.541.1 or 2.541.2

  7. Repeat steps 2–3

  8. On Jenkins 2.541.x
    Observe that manual-cred is removed

Expected Results

Expected Behavior
Folder credentials that are not defined in JCasC YAML should be preserved after a reload, consistent with behavior in Jenkins 2.528.3.
At minimum, a warning should be logged if folder properties are being overwritten or cleared.

Actual Results

Actual Behavior

  • Jenkins 2.528.3: Manually added folder credentials are retained after JCasC reload
  • Jenkins 2.541.1 / 2.541.2: Manually added folder credentials are silently removed after JCasC reload
    This represents a breaking change in behavior between these versions.

Anything else?

Impact

  • Production incident caused by silent credential removal
  • No warning or error logged
  • Required rollback to 2.528.3 and restoration from backup
  • Risk of data loss for folder-scoped credentials after upgrade

Are you interested in contributing a fix?

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    Bug

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions