[JENKINS-27486] Workflow step to mask console output

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: pipeline
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show

We want to have a block statement that allows sensitive tokens to be masked from the console output inside the body, such as:

maskPassword("s3cr3t!") {
  echo "Hello s3cr3t!" // this should produce "Hello ***********" or something
}

The exact syntax can be anything, but the above one would prove the concept that this can be done in a composable manner.

depends on

JENKINS-27392 API to decorate console output

Resolved

is related to

JENKINS-28219 After entering a username/password combo in Credentials Binding, I can print out the value of the password inside a Jenkins job

Resolved

JENKINS-28719 Store environment variable values for CoreWrapperStep as Secret

Open

relates to

JENKINS-36007 Way to mask arbitrary Secret (was: Password is clear on log with input parameter)

Open

links to

PR 6

Jesse Glick added a comment - 2015-03-30 23:06

Would like the Mask Passwords plugin to be able to do this via SimpleBuildWrapper; and BindingStep in the Credentials Binding plugin should also do this.

Jesse Glick added a comment - 2015-03-30 23:06 Would like the Mask Passwords plugin to be able to do this via SimpleBuildWrapper ; and BindingStep in the Credentials Binding plugin should also do this.

SCM/JIRA link daemon added a comment - 2015-04-01 14:43

Code changed in jenkins
User: Jesse Glick
Path:
src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java
http://jenkins-ci.org/commit/credentials-binding-plugin/6673cd9dde0bf13682852a502b56eca64a26b4e9
Log:
~~JENKINS-27486~~ Reproduced problem in test.

SCM/JIRA link daemon added a comment - 2015-04-01 14:43 Code changed in jenkins User: Jesse Glick Path: src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java http://jenkins-ci.org/commit/credentials-binding-plugin/6673cd9dde0bf13682852a502b56eca64a26b4e9 Log: JENKINS-27486 Reproduced problem in test.

SCM/JIRA link daemon added a comment - 2015-04-01 14:43

Code changed in jenkins
User: Jesse Glick
Path:
pom.xml
src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java
src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java
http://jenkins-ci.org/commit/credentials-binding-plugin/9d48a1036801612e02d8642211e9b188bd804f79
Log:
[FIXED JENKINS-27486] Mask passwords accidentally sent to log.

SCM/JIRA link daemon added a comment - 2015-04-01 14:43 Code changed in jenkins User: Jesse Glick Path: pom.xml src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java http://jenkins-ci.org/commit/credentials-binding-plugin/9d48a1036801612e02d8642211e9b188bd804f79 Log: [FIXED JENKINS-27486] Mask passwords accidentally sent to log.

Michael Lihs added a comment - 2018-09-28 08:30

Hi jglick,

since this seems to be resolved, could you please provide a link to some documentation on how to use it? From what I see in the linked commits, this only works with the WithCredentials step - which is not what had been asked for in this issue (and is not what I need) - hence I am asking whether the requirement in the description has been met or not.

I also posted a question on SO, which might make things clearer: https://stackoverflow.com/questions/52551232/hiding-passwords-in-jenkins-pipeline-log-output-without-using-withcredentials

Thanks a lot for your work and your help!

Michael

Michael Lihs added a comment - 2018-09-28 08:30 Hi jglick , since this seems to be resolved, could you please provide a link to some documentation on how to use it? From what I see in the linked commits, this only works with the WithCredentials step - which is not what had been asked for in this issue (and is not what I need) - hence I am asking whether the requirement in the description has been met or not. I also posted a question on SO, which might make things clearer: https://stackoverflow.com/questions/52551232/hiding-passwords-in-jenkins-pipeline-log-output-without-using-withcredentials Thanks a lot for your work and your help! Michael

Jesse Glick added a comment - 2018-09-28 18:18

See JENKINS-36007.

Jesse Glick added a comment - 2018-09-28 18:18 See JENKINS-36007 .

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Jesse Glick added a comment - 2015-03-30 23:06

Expand comment: Jesse Glick added a comment - 2015-03-30 23:06

Collapse comment: SCM/JIRA link daemon added a comment - 2015-04-01 14:43

Expand comment: SCM/JIRA link daemon added a comment - 2015-04-01 14:43

Collapse comment: SCM/JIRA link daemon added a comment - 2015-04-01 14:43

Expand comment: SCM/JIRA link daemon added a comment - 2015-04-01 14:43

Collapse comment: Michael Lihs added a comment - 2018-09-28 08:30

Expand comment: Michael Lihs added a comment - 2018-09-28 08:30

Collapse comment: Jesse Glick added a comment - 2018-09-28 18:18

Expand comment: Jesse Glick added a comment - 2018-09-28 18:18

People

Dates