Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34264

Support Global passwords from Mask Passwords in Pipeline

XMLWordPrintable

      The mask-passwords-plugin does not enable global or even locally defined variables within the block when used in a pipeline/workflow job. I have configured a global password variable "MARATHON_PASSWORD". You'll see that I've tried referencing variables in two ways (echo and sh)

      Example job config:

      node {
    stage 'Test Mask Passwords in Pipeline'
    
    wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: 'thePassword', var: 'MY_PASSWORD']]]) {
        echo "retrive MY_PASSWORD by var = ${env.MY_PASSWORD}"
        sh 'echo retrieve MY_PASSWORD by var = $MY_PASSWORD'
        echo "retrieve MARATHON_PASSWORD by var = ${env.MARATHON_PASSWORD}"
        sh 'echo retrieve MARATHON_PASSWORD by var = $MARATHON_PASSWORD'
        
        echo "masking MY_PASSWORD value works = thePassword"
        sh 'echo masking MY_PASSWORD value works = thePassword'
    }
}

      Output from running job:

      [Pipeline] Allocate node : Start
Running on jenlxs7 in /apps/jenkins/slave1/workspace/CWL/AAA-TestPipeline
[Pipeline] node {
[Pipeline] stage (Test Mask Passwords in Pipeline)
Entering stage Test Mask Passwords in Pipeline
Proceeding
[Pipeline] General Build Wrapper : Start
[Pipeline] wrap {
retrive MY_PASSWORD by var = null
[Pipeline] echo
[Pipeline] sh
[AAA-TestPipeline] Running shell script
+ echo retrieve MY_PASSWORD by var =
retrieve MY_PASSWORD by var =
[Pipeline] echo
retrieve MARATHON_PASSWORD by var = null
[Pipeline] sh
[AAA-TestPipeline] Running shell script
+ echo retrieve MARATHON_PASSWORD by var =
retrieve MARATHON_PASSWORD by var =
[Pipeline] echo
masking MY_PASSWORD value works = ********
[Pipeline] sh
[AAA-TestPipeline] Running shell script
+ echo masking MY_PASSWORD value works = ********
masking MY_PASSWORD value works = ********
[Pipeline] } //wrap
[Pipeline] General Build Wrapper : End
[Pipeline] } //node
[Pipeline] Allocate node : End
[Pipeline] End of Pipeline
Finished: SUCCESS

      As you can see, the plugin does effectively mask the value of given passwords when you use the value directly within the block. However, you should be able to use the password via it's variable name.

        1. maskPasswordsFreestyle.png
          maskPasswordsFreestyle.png
          110 kB

            Unassigned Unassigned
            nels4784 Jeffrey Nelson
            Votes:
            2 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:
              Resolved: