-
New Feature
-
Resolution: Unresolved
-
Critical
On jenkins pipeline i use input with Password param but password is shown on console log
exemple:
def userInput = input(
id: 'userInput', message: 'Let\'s promote?', submitter: 'DL_KATANACLOUD_TEAM', parameters: [
[$class: 'PasswordParameterDefinition', description: 'Password', name: 'pwd']
])
sh ("echo ${userInput['pwd']}")
- is duplicated by
-
JENKINS-34264 Support Global passwords from Mask Passwords in Pipeline
-
- Resolved
-
- relates to
-
JENKINS-27398 Pipeline-as-Code CredentialsProvider for a job
-
- Open
-
-
JENKINS-43814 Password parameters should be hidden in pipeline logs by default
-
- Open
-
-
JENKINS-27486 Workflow step to mask console output
-
- Resolved
-
-
JENKINS-47101 Pipeline withCredentials step does not mask step descriptions for variables with the same name as existing system variables
-
- Resolved
-
Secrets are not masked unless you do something specific to mask them, such as using the Credentials Binding or Mask Passwords plugin.
In this case, PasswordParameterValue returns a Secret value, which SecretPickle does ensure is not stored in cleartext in the build record itself (program.dat), but we are missing a build wrapper which would let you specify that occurrences of the plaintext in subsequent log output should be masked.