-
Bug
-
Resolution: Fixed
-
Major
Currently when you use withCredentials with e.g. UsernamePasswordMultiBinding, the secret is saved in program.dat for the duration of the block. It is later removed, but it would be safer if it were guaranteed to never be persisted at all. That seems to require an API change: either in EnvVars to allow a given variable to be directly marked as secret and thus to be persisted only via Secret, or by lifting up sensitiveBuildVariables from AbstractBuild to Run, or by allowing BodyInvoker.withContext to provide something like an environment variable factory rather than a raw EnvVars.
- is related to
-
JENKINS-26128 Dynamically-scoped env step
-
- Resolved
-
-
JENKINS-28719 Store environment variable values for CoreWrapperStep as Secret
-
- Open
-
- links to
[JENKINS-27631] Do not even temporarily save secrets in Workflow build record
| Remote Link | New: This issue links to "PR 5 (Web Link)" [ 12186 ] |
| Link |
New:
This issue is related to |
| Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
| Remote Link | New: This issue links to "PR 6 (Web Link)" [ 12202 ] |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: In Progress [ 3 ] | New: Resolved [ 5 ] |
| Link | New: This issue is related to JENKINS-28719 [ JENKINS-28719 ] |
| Workflow | Original: JNJira [ 161843 ] | New: JNJira + In-Review [ 196881 ] |
| Labels | Original: api security workflow | New: api pipeline security workflow |
| Labels | Original: api pipeline security workflow | New: api pipeline security |