- Type: Bug
- Resolution: Cannot Reproduce
- Priority: Critical
- Component/s: credentials-binding-plugin, pipeline
- Environment: Jenkins ver. 2.46.2; Credentials Plugin 2.1.13; Credentials Binding Plugin 1.11
I am running the following:
node {
    stage ("Use credentials") {
        withCredentials([usernameColonPassword(credentialsId: 'myApiTokenId', variable: 'credentials')]) {
            echo "$credentials"
            // making this call does not mask credentials
            sh returnStdout:true, script: "curl -sko /dev/null -w %{http_code} \"https://example.com/path\" --user $credentials"
        }
    }
}
OUTPUT:
[Pipeline] node
Running on master in /var/lib/jenkins/workspace/Test Pipeline
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Check if test job is valid)
[Pipeline] withCredentials
[Pipeline] {
[Pipeline] echo
****
[Pipeline] sh
[Test Pipeline] Running shell script
+ curl -sko /dev/null -w '%{http_code}' https://fpajenkinstest.wdf.sap.corp/job/i856200TestJob --user myusername:4985641987298791451542
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS
Expected:
Credentials should not be exposed in logs.
Interestingly, if I use the UsernamePasswordMultiBinding class, the username will be masked but not the password.
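
A variant of the pipeline above that keeps the credential out of the console log without depending on log masking, given as an added example that is not part of the original report or the plugin's own code. It assumes the agent has a POSIX shell and curl, reuses the report's credential id and placeholder URL, and assumes the credential contains no `"` or `\` characters, which would need escaping in curl's config syntax.

```groovy
node {
    stage('Use credentials') {
        withCredentials([usernameColonPassword(credentialsId: 'myApiTokenId', variable: 'credentials')]) {
            // Single-quoted Groovy string: Groovy does not interpolate $credentials.
            // The shell expands it from the environment variable that withCredentials sets,
            // so the secret is never part of the script text that Jenkins handles.
            def status = sh(returnStdout: true, script: '''
                # The sh step runs scripts with -x by default, which echoes every expanded
                # command line (the "+ curl ..." line in the report). Turn tracing off first.
                set +x

                # Hand the credential to curl as a config file on stdin (--config -) rather
                # than as a --user argument, so it is absent from curl's argv and from the
                # process list. printf is a builtin in common shells such as bash and dash.
                # -k from the report is dropped so the credential is only sent over verified TLS.
                printf 'user = "%s"\\n' "$credentials" |
                    curl -s -o /dev/null -w '%{http_code}' --config - 'https://example.com/path'
            ''').trim()

            // Only the HTTP status code reaches the log.
            echo "HTTP status: ${status}"
        }
    }
}
```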