  1. Jenkins
  2. JENKINS-43814

Password parameters should be hidden in pipeline logs by default

Details

    Description

      In a pipeline script, when a developer uses `withCredentials`, credentials are hidden in logs to reduce the chance of accidental disclosure (see JENKINS-38181).

      When using a password parameter in a job, the same concept should be applied to it, and it should be impossible to display its value in logs.

      A workaround is to use the MaskPasswordsBuildWrapper, but it has to be done manually (and it's a bit crappy):

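      node {
        // MaskPasswordsBuildWrapper (Mask Passwords plugin) masks the listed values in the console log
        wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: "${myPassword}", var: 'PASSWORD']]]) {
          // myPassword is the job's password parameter
          println myPassword
          sh 'echo "Hello World ${myPassword}"'
        }
      }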

       

       


            People

              Unassigned
              aheritier Arnaud Héritier
              Votes: 6
              Watchers: 11
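
As an added Python example, not code from Jenkins or the Mask Passwords plugin: a log writer that replaces known secret values before output reaches the log, which is the general idea behind the masking requested in the description. The class name, `run_demo` and the sample values are assumptions constructed for illustration.

```python
import io
import re


class MaskingLogWriter:
    """Wraps a text stream and replaces known secret values before they are written."""

    MASK = "****"

    def __init__(self, sink, secrets):
        self._sink = sink
        self._buffer = ""
        # Ignore empty values: replacing "" would insert the mask between every character.
        values = sorted({s for s in secrets if s}, key=len, reverse=True)
        # Longest first, so a secret that contains another one is masked whole.
        self._pattern = re.compile("|".join(map(re.escape, values))) if values else None

    def _mask(self, text):
        return self._pattern.sub(self.MASK, text) if self._pattern else text

    def write(self, data):
        # Hold output until a full line is available, so a secret split
        # across two write() calls is still seen in one piece.
        self._buffer += data
        *lines, self._buffer = self._buffer.split("\n")
        for line in lines:
            self._sink.write(self._mask(line) + "\n")

    def close(self):
        # Flush a trailing partial line, masked like the rest.
        if self._buffer:
            self._sink.write(self._mask(self._buffer))
            self._buffer = ""


def run_demo():
    # Constructed sample values; "PASSWORD" stands in for the job's password parameter.
    params = {"PASSWORD": "s3cr3t", "TOKEN": "s3cr3t-extended", "EMPTY": ""}
    sink = io.StringIO()
    log = MaskingLogWriter(sink, params.values())
    log.write("Hello World s3c")  # secret split across two writes
    log.write("r3t\n")
    log.write("token=s3cr3t-extended\n")
    log.write("no secrets here")
    log.close()
    return sink.getvalue()
```

Matching is on the literal value only, so a secret that a build step encodes or reformats before printing is not recognised by a filter of this kind.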
