Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-27389

credentials set via 'withCredentials' block isn't accesible from 'env'

XMLWordPrintable

      Unclear if it's in workflow or in credentials-binding plugin.

      During an engagement, I found that the following ugly but seemingly valid workflow script doesn't let me acess the value of the secret:

      def credential(name) {
  def v;
  withCredentials([[$class: 'StringBinding', credentialsId: name, variable: 'foo']]) {
      v = env.foo;
  }
  return v
}

node {
  echo credential("idOfSecretText")
}

          [JENKINS-27389] credentials set via 'withCredentials' block isn't accesible from 'env'

          Jesse Glick added a comment -

          Possibly related to JENKINS-26552 and changes in PR 41.

          Jesse Glick added a comment - Possibly related to JENKINS-26552 and changes in PR 41.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java
          http://jenkins-ci.org/commit/credentials-binding-plugin/82c0d5e025abec7ec00b1179c46f9c9b3266c18a
          Log:
          JENKINS-27389 Reproduced problem in test.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java http://jenkins-ci.org/commit/credentials-binding-plugin/82c0d5e025abec7ec00b1179c46f9c9b3266c18a Log: JENKINS-27389 Reproduced problem in test.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          pom.xml
          src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java
          http://jenkins-ci.org/commit/credentials-binding-plugin/2fe481bbc1f7866448730fc3d89c66a246ebb14e
          Log:
          [FIXED JENKINS-27389] Confirming that fix of JENKINS-26552 solved this as well.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: pom.xml src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java http://jenkins-ci.org/commit/credentials-binding-plugin/2fe481bbc1f7866448730fc3d89c66a246ebb14e Log: [FIXED JENKINS-27389] Confirming that fix of JENKINS-26552 solved this as well.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          CHANGES.md
          http://jenkins-ci.org/commit/workflow-plugin/8aba4d5b6c7236aaddbda7c69e89807c872add4f
          Log:
          JENKINS-27389 Noting.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: CHANGES.md http://jenkins-ci.org/commit/workflow-plugin/8aba4d5b6c7236aaddbda7c69e89807c872add4f Log: JENKINS-27389 Noting.

          Jesse Glick added a comment -

          Note that the originally suggested script is valid, but insecure: the secret will be persisted in plaintext in the build record while the build is in progress. (At the end of the build it will be deleted.) Idiomatic use of withCredentials would prevent this (see JENKINS-27631).

          Jesse Glick added a comment - Note that the originally suggested script is valid, but insecure: the secret will be persisted in plaintext in the build record while the build is in progress. (At the end of the build it will be deleted.) Idiomatic use of withCredentials would prevent this (see JENKINS-27631 ).

            jglick Jesse Glick
            kohsuke Kohsuke Kawaguchi
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: