-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Jenkins ver. 2.60.3
Credentials Binding Plugin v1.13
Credentials Plugin v2.1.15
openjdk version "1.8.0_141"
RHEL 7.3
-
-
2.85
There seems to be an issue with the Pipeline step withCredentials and how it masks variables.
It seems that when a variable name already exists in the current environment, the step description masking is skipped and the variables are rendered as clear text.
In the console log, the steps are masked correctly (the step description is not included anyway).
I first observed this happening in the Blue Ocean UI as part of a script pipeline job.
As a workaround, using a script seems to hide the step description (for shell cmds at least).
Pipeline code to reproduce:
pipeline {
agent any
stages {
stage('test withCredentials bug'){
steps {
withCredentials([usernameColonPassword(credentialsId: 'withCredentialsBug', variable: 'USER')]) {
sh "echo '$USER'"
sh './user.sh'
}
withCredentials([usernameColonPassword(credentialsId: 'withCredentialsBug', variable: 'USRPWD')]) {
sh "echo '$USRPWD'"
sh './user.sh'
}
}
}
}
}
user.sh helper script exists in the workspace:
echo "\$USERPWD = $USRPWD" echo "\$USER = $USER"
I've attached some screenshots below.
- duplicates
-
JENKINS-63254 Warn against using secrets in groovy strings
-
- Resolved
-
- is duplicated by
-
-
- Resolved
-
- relates to
-
-
- Open
-
-
JENKINS-31582 Log / document the plugin usage in the flow nodes
-
- Resolved
-
-
-
- Resolved
-
-
JENKINS-37324 We would like a more meaningful description of a step
-
- Closed
-
