Resolution: Unresolved
OS Centos 7.4
OpenJDK 1.8.0_151
ace-editor 1.1 true
ant 1.7 true
antisamy-markup-formatter 1.5 true
apache-httpcomponents-client-4-api 4.5.3-2.0 true
async-http-client true
authentication-tokens 1.3 true
blueocean 1.3.5 true
blueocean-autofavorite 1.2.1 true
blueocean-bitbucket-pipeline 1.3.5 true
blueocean-commons 1.3.5 true
blueocean-config 1.3.5 true
blueocean-dashboard 1.3.5 true
blueocean-display-url 2.2.0 true
blueocean-events 1.3.5 true
blueocean-git-pipeline 1.3.5 true
blueocean-github-pipeline 1.3.5 true
blueocean-i18n 1.3.5 true
blueocean-jira 1.3.5 true
blueocean-jwt 1.3.5 true
blueocean-personalization 1.3.5 true
blueocean-pipeline-api-impl 1.3.5 true
blueocean-pipeline-editor 1.3.5 true
blueocean-pipeline-scm-api 1.3.5 true
blueocean-rest 1.3.5 true
blueocean-rest-impl 1.3.5 true
blueocean-web 1.3.5 true
bouncycastle-api 2.16.2 true
branch-api 2.0.16 true
build-timestamp 1.0.1 true
build-with-parameters 1.4 true
buildtriggerbadge 2.9 true
chef-identity 1.0.0 true
cisco-spark-notifier 1.1.1 true
cloud-stats 0.16 true
cloudbees-bitbucket-branch-source 2.2.7 true
cloudbees-folder 6.2.1 true
command-launcher 1.2 true
config-file-provider 2.16.4 true
console-badge 1.1 true
credentials 2.1.16 true
credentials-binding 1.13 true
display-url-api 2.2.0 true
docker-commons 1.10 true
docker-workflow 1.14 true
dockerhub-notification 2.2.0 true
durable-task 1.17 true
external-monitor-job 1.7 true
favorite 2.3.1 true
git 3.6.4 true
git-client 2.6.0 true
git-server 1.7 true
github 1.28.1 true
github-api 1.90 true
github-branch-source 2.3.1 true
handlebars 1.1.1 true
hashicorp-vault-plugin 2.1.0 true
htmlpublisher 1.14 true
icon-shim 2.0.3 true
jackson2-api true
javadoc 1.4 true
jira 2.5 true
job-import-plugin 2.1 true
jquery 1.12.4-0 true
jquery-detached 1.2.1 true
jsch true
junit 1.23 true
ldap 1.18 true
mailer 1.20 true
mask-passwords 2.10.1 true
matrix-auth 2.2 true
matrix-project 1.12 true
mercurial 2.2 true
momentjs 1.1.1 true
multi-slave-config-plugin 1.2.0 true
nodelabelparameter 1.7.2 true
pam-auth 1.3 true
pipeline-build-step 2.6 true
pipeline-graph-analysis 1.5 true
pipeline-input-step 2.8 true
pipeline-milestone-step 1.3.1 true
pipeline-model-api 1.2.5 true
pipeline-model-declarative-agent 1.1.1 true
pipeline-model-definition 1.2.5 true
pipeline-model-extensions 1.2.5 true
pipeline-multibranch-defaults 1.1 true
pipeline-rest-api 2.9 true
pipeline-stage-step 2.3 true
pipeline-stage-tags-metadata 1.2.5 true
pipeline-stage-view 2.9 true
plain-credentials 1.4 true
progress-bar-column-plugin 1.0 true
pubsub-light 1.12 true
quayio-trigger 0.1 true
rundeck 3.6.3 true
scm-api 2.2.5 true
script-security 1.38 true
simple-travis-runner 1.0 true
slave-utilization-plugin 1.8 true
sse-gateway 1.15 true
ssh-credentials 1.13 true
ssh-slaves 1.22 true
structs 1.10 true
systemloadaverage-monitor 1.2 true
token-macro 2.3 true
variant 1.1 true
view-job-filters 1.27 true
windows-slaves 1.3.1 true
workflow-aggregator 2.5 true
workflow-api 2.24 true
workflow-basic-steps 2.6 true
workflow-cps 2.42 true
workflow-cps-global-lib 2.9 true
workflow-durable-task-step 2.17 true
workflow-job 2.16 true
workflow-multibranch 2.16 true
workflow-scm-step 2.6 true
workflow-step-api 2.14 true
workflow-support 2.16 true
yet-another-docker-plugin 0.1.0-rc46 trueJENKINS_VERSION 2.90 OS Centos 7.4 OpenJDK 1.8.0_151 PLUGINS ace-editor 1.1 true ant 1.7 true antisamy-markup-formatter 1.5 true apache-httpcomponents-client-4-api 4.5.3-2.0 true async-http-client true authentication-tokens 1.3 true blueocean 1.3.5 true blueocean-autofavorite 1.2.1 true blueocean-bitbucket-pipeline 1.3.5 true blueocean-commons 1.3.5 true blueocean-config 1.3.5 true blueocean-dashboard 1.3.5 true blueocean-display-url 2.2.0 true blueocean-events 1.3.5 true blueocean-git-pipeline 1.3.5 true blueocean-github-pipeline 1.3.5 true blueocean-i18n 1.3.5 true blueocean-jira 1.3.5 true blueocean-jwt 1.3.5 true blueocean-personalization 1.3.5 true blueocean-pipeline-api-impl 1.3.5 true blueocean-pipeline-editor 1.3.5 true blueocean-pipeline-scm-api 1.3.5 true blueocean-rest 1.3.5 true blueocean-rest-impl 1.3.5 true blueocean-web 1.3.5 true bouncycastle-api 2.16.2 true branch-api 2.0.16 true build-timestamp 1.0.1 true build-with-parameters 1.4 true buildtriggerbadge 2.9 true chef-identity 1.0.0 true cisco-spark-notifier 1.1.1 true cloud-stats 0.16 true cloudbees-bitbucket-branch-source 2.2.7 true cloudbees-folder 6.2.1 true command-launcher 1.2 true config-file-provider 2.16.4 true console-badge 1.1 true credentials 2.1.16 true credentials-binding 1.13 true display-url-api 2.2.0 true docker-commons 1.10 true docker-workflow 1.14 true dockerhub-notification 2.2.0 true durable-task 1.17 true external-monitor-job 1.7 true favorite 2.3.1 true git 3.6.4 true git-client 2.6.0 true git-server 1.7 true github 1.28.1 true github-api 1.90 true github-branch-source 2.3.1 true handlebars 1.1.1 true hashicorp-vault-plugin 2.1.0 true htmlpublisher 1.14 true icon-shim 2.0.3 true jackson2-api true javadoc 1.4 true jira 2.5 true job-import-plugin 2.1 true jquery 1.12.4-0 true jquery-detached 1.2.1 true jsch true junit 1.23 true ldap 1.18 true mailer 1.20 true mask-passwords 2.10.1 true matrix-auth 2.2 true matrix-project 1.12 true mercurial 2.2 true momentjs 1.1.1 true multi-slave-config-plugin 1.2.0 true nodelabelparameter 1.7.2 true pam-auth 1.3 true pipeline-build-step 2.6 true pipeline-graph-analysis 1.5 true pipeline-input-step 2.8 true pipeline-milestone-step 1.3.1 true pipeline-model-api 1.2.5 true pipeline-model-declarative-agent 1.1.1 true pipeline-model-definition 1.2.5 true pipeline-model-extensions 1.2.5 true pipeline-multibranch-defaults 1.1 true pipeline-rest-api 2.9 true pipeline-stage-step 2.3 true pipeline-stage-tags-metadata 1.2.5 true pipeline-stage-view 2.9 true plain-credentials 1.4 true progress-bar-column-plugin 1.0 true pubsub-light 1.12 true quayio-trigger 0.1 true rundeck 3.6.3 true scm-api 2.2.5 true script-security 1.38 true simple-travis-runner 1.0 true slave-utilization-plugin 1.8 true sse-gateway 1.15 true ssh-credentials 1.13 true ssh-slaves 1.22 true structs 1.10 true systemloadaverage-monitor 1.2 true token-macro 2.3 true variant 1.1 true view-job-filters 1.27 true windows-slaves 1.3.1 true workflow-aggregator 2.5 true workflow-api 2.24 true workflow-basic-steps 2.6 true workflow-cps 2.42 true workflow-cps-global-lib 2.9 true workflow-durable-task-step 2.17 true workflow-job 2.16 true workflow-multibranch 2.16 true workflow-scm-step 2.6 true workflow-step-api 2.14 true workflow-support 2.16 true yet-another-docker-plugin 0.1.0-rc46 true
When reading a certificate that has been concatenated with the issuer and the root ca, then base64 encoded - the vault plugin will immediately exit and not even execute a shell in a freeform project.
When those values are NOT base64 encoded the plugin works properly and places the certificate as an environmental value except IT DOES NOT MASK the env value.
Pulling the jenkins logs for the base64 encoded values I do see this backtrace:
The logs in Jenkins look like this:
Jan 10, 2018 9:09:24 PM INFO hudson.model.Run executeVault example get encoded files #10 main build action completed: SUCCESS Jan 10, 2018 9:09:24 PM SEVERE hudson.model.Executor finish1Executor threw an exception java.lang.NullPointerException at com.datapipe.jenkins.vault.log.MaskingConsoleLogFilter$2.compare(MaskingConsoleLogFilter.java:66) at com.datapipe.jenkins.vault.log.MaskingConsoleLogFilter$2.compare(MaskingConsoleLogFilter.java:63) at java.util.TimSort.countRunAndMakeAscending(TimSort.java:355) at java.util.TimSort.sort(TimSort.java:220) at java.util.Arrays.sort(Arrays.java:1512) at java.util.ArrayList.sort(ArrayList.java:1460) at java.util.Collections.sort(Collections.java:175) at com.datapipe.jenkins.vault.log.MaskingConsoleLogFilter.getPatternStringForSecrets(MaskingConsoleLogFilter.java:63) at com.datapipe.jenkins.vault.log.MaskingConsoleLogFilter$1.eol(MaskingConsoleLogFilter.java:38) at hudson.console.LineTransformationOutputStream.eol(LineTransformationOutputStream.java:60) at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:56) at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:74) at java.io.PrintStream.write(PrintStream.java:480) at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221) at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291) at sun.nio.cs.StreamEncoder.flushBuffer(StreamEncoder.java:104) at java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:185) at java.io.PrintStream.newLine(PrintStream.java:546) at java.io.PrintStream.println(PrintStream.java:807) at hudson.model.StreamBuildListener.finished(StreamBuildListener.java:80) at hudson.model.Run.execute(Run.java:1776) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) at hudson.model.ResourceController.execute(ResourceController.java:97) at hudson.model.Executor.run(Executor.java:421)
[JENKINS-48892] Vault plugin exits on specifying a secret that is a large base64 encoded value
Resolution | New: Fixed [ 1 ] | |
Status | Original: Open [ 1 ] | New: Closed [ 6 ] |
Resolution | Original: Fixed [ 1 ] | |
Status | Original: Closed [ 6 ] | New: Reopened [ 4 ] |
Masking is something we really need. can this issue considered with high priority? thanks