-
Bug
-
Resolution: Fixed
-
Major
-
None
Currently, it is possible and even very well likely to unintentionally print credentials obtained with the vault plugin to the jenkins log. As a user of this plugin I would want the vault plugin to behave like the credentials binding plugin https://wiki.jenkins-ci.org/display/JENKINS/Credentials+Binding+Plugin and mask any passwords from the log.
Our team would be willing to provide a PR.
[JENKINS-39383] Vault Plugin should mask credentials in build log
Tobias Larscheid
added a comment - ptierno PR is open: https://github.com/jenkinsci/hashicorp-vault-plugin/pull/2, let's further discuss it in github. Thank you!
Tobias Larscheid
added a comment - ptierno PR is open: https://github.com/jenkinsci/hashicorp-vault-plugin/pull/2 , let's further discuss it in github. Thank you! Code changed in jenkins
User: Peter Tierno
Path:
src/main/java/com/datapipe/jenkins/vault/MaskingConsoleLogFilter.java
src/main/java/com/datapipe/jenkins/vault/VaultBuildWrapper.java
src/test/java/com/datapipe/jenkins/vault/VaultBuildWrapperTest.java
http://jenkins-ci.org/commit/hashicorp-vault-plugin/0781c2515a64ae6e53b0e9241ddaadcad1ddd431
Log:
Merge pull request #2 from tobilarscheid/master
Fixes JENKINS-39383, JENKINS-37201
Automatically mask credentials from build log
Compare: https://github.com/jenkinsci/hashicorp-vault-plugin/compare/b8c7fcb19161...0781c2515a64
Peter Tierno
added a comment - Fixed in PR #2 
tobilarscheid I was planning on adding this. If your team can provide a pr then that would be great.
Thanks