Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-22942

Job Import Plugin: Password field is cleartext

XMLWordPrintable

      Job import plugin has the "Passwor/API key" in cleartext. Contents of this field are stored on the server so anyone can see the password of the user that previously imported jobs via the plugin.

      I understand that API keys are preferred to be in cleartext. So ideal solution may be to split this into two separate fields: Password that will be a real password field (with obscured input) and API key that will show the key in cleartext.

          [JENKINS-22942] Job Import Plugin: Password field is cleartext

          Pawel Defee created issue -
          Sagayaraj David made changes -
          Priority Original: Minor [ 4 ] New: Blocker [ 1 ]
          Don Schiewer made changes -
          Labels New: security
          Emilio Escobar made changes -
          Assignee New: Emilio Escobar [ escoem ]
          Emilio Escobar made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Emilio Escobar made changes -
          Link New: This issue is duplicated by JENKINS-33307 [ JENKINS-33307 ]
          Emilio Escobar made changes -
          Remote Link New: This issue links to "PR (Web Link)" [ 14145 ]
          Emilio Escobar made changes -
          Remote Link New: This issue links to "PR (Web Link)" [ 14146 ]
          Emilio Escobar made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Progress [ 3 ] New: Resolved [ 5 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 155089 ] New: JNJira + In-Review [ 195132 ]

            escoem Emilio Escobar
            paweldefee Pawel Defee
            Votes:
            7 Vote for this issue
            Watchers:
            13 Start watching this issue

              Created:
              Updated:
              Resolved: