Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21690

Hide passwords in source code of jobs configuration page

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Currently when using the "Mask passwords" option to hide passwords in logs, the listed passwords are readable in source code of configuration page.

      Regards.

        Attachments

          Issue Links

            Activity

            Hide
            elie_malesys Elie Malesys added a comment -

            any news?

            Regards,
            Elie.

            Show
            elie_malesys Elie Malesys added a comment - any news? Regards, Elie.
            Hide
            robwhyte Rob Whyte added a comment -

            Hi,

            I'm also very interested to hear when this can be fixed... It's pointless to mask passwords in the logs if they can be accessed directly by viewing the source code.

            Thanks in advance,
            Rob.

            Show
            robwhyte Rob Whyte added a comment - Hi, I'm also very interested to hear when this can be fixed... It's pointless to mask passwords in the logs if they can be accessed directly by viewing the source code. Thanks in advance, Rob.
            Hide
            gssiyankai Gregory SSI-YAN-KAI added a comment -

            I've also noticed that the password is visible in clear text when you go to the environment variables of a build:
            JENKINS_URL/job/JOB_NAME/BUILD_NUMBER/injectedEnvVars

            Show
            gssiyankai Gregory SSI-YAN-KAI added a comment - I've also noticed that the password is visible in clear text when you go to the environment variables of a build: JENKINS_URL/job/JOB_NAME/BUILD_NUMBER/injectedEnvVars
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            The issue for EnvInject will be fixed in https://github.com/jenkinsci/mask-passwords-plugin/pull/4. The original issue is a duplicate of JENKINS-14687

            Show
            oleg_nenashev Oleg Nenashev added a comment - The issue for EnvInject will be fixed in https://github.com/jenkinsci/mask-passwords-plugin/pull/4 . The original issue is a duplicate of JENKINS-14687

              People

              Assignee:
              danielpetisme Daniel Petisme
              Reporter:
              elie_malesys Elie Malesys
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: