Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48892

Vault plugin exits on specifying a secret that is a large base64 encoded value

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • hashicorp-vault-plugin

      When reading a certificate that has been concatenated with the issuer and the root ca, then base64 encoded - the vault plugin will immediately exit and not even execute a shell in a freeform project.

       

      When those values are NOT base64 encoded the plugin works properly and places the certificate as an environmental value except IT DOES NOT MASK the env value.

       

      Pulling the jenkins logs for the base64 encoded values I do see this backtrace:
      The logs in Jenkins look like this:

      Jan 10, 2018 9:09:24 PM INFO hudson.model.Run executeVault example get encoded files #10 main build action completed: SUCCESS
      Jan 10, 2018 9:09:24 PM SEVERE hudson.model.Executor finish1Executor threw an exception java.lang.NullPointerException at com.datapipe.jenkins.vault.log.MaskingConsoleLogFilter$2.compare(MaskingConsoleLogFilter.java:66) at com.datapipe.jenkins.vault.log.MaskingConsoleLogFilter$2.compare(MaskingConsoleLogFilter.java:63) at java.util.TimSort.countRunAndMakeAscending(TimSort.java:355) at java.util.TimSort.sort(TimSort.java:220) at java.util.Arrays.sort(Arrays.java:1512) at java.util.ArrayList.sort(ArrayList.java:1460) at java.util.Collections.sort(Collections.java:175) at com.datapipe.jenkins.vault.log.MaskingConsoleLogFilter.getPatternStringForSecrets(MaskingConsoleLogFilter.java:63) at com.datapipe.jenkins.vault.log.MaskingConsoleLogFilter$1.eol(MaskingConsoleLogFilter.java:38) at hudson.console.LineTransformationOutputStream.eol(LineTransformationOutputStream.java:60) at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:56) at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:74) at java.io.PrintStream.write(PrintStream.java:480) at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221) at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291) at sun.nio.cs.StreamEncoder.flushBuffer(StreamEncoder.java:104) at java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:185) at java.io.PrintStream.newLine(PrintStream.java:546) at java.io.PrintStream.println(PrintStream.java:807) at hudson.model.StreamBuildListener.finished(StreamBuildListener.java:80) at hudson.model.Run.execute(Run.java:1776) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) at hudson.model.ResourceController.execute(ResourceController.java:97) at hudson.model.Executor.run(Executor.java:421)
      

          [JENKINS-48892] Vault plugin exits on specifying a secret that is a large base64 encoded value

          Raghu added a comment -

          Masking is something we really need. can this issue considered with high priority? thanks

          Raghu added a comment - Masking is something we really need. can this issue considered with high priority? thanks

          Peter Tierno added a comment -

          rsemburakkiannan I am going to attempt to duplicate this during the week. Will follow up. thanks for reporting.

          Peter Tierno added a comment - rsemburakkiannan I am going to attempt to duplicate this during the week. Will follow up. thanks for reporting.

          Peter Tierno added a comment -

          rsemburakkiannan I can't seem to duplicate this using the latest plugin version (2.1.1). Please try against this version and report back your results. there wre some fixes to MaskingConsoleLogFilter.

          Peter Tierno added a comment - rsemburakkiannan I can't seem to duplicate this using the latest plugin version (2.1.1). Please try against this version and report back your results. there wre some fixes to MaskingConsoleLogFilter.

            ptierno Peter Tierno
            snoby Matt Snoby
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: