Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53176

How to safely rotate master.key and hudson.util.Secret?

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Not A Defect
    • Icon: Minor Minor
    • credentials-plugin
    • None

      I previously checked in my entire Jenkins configuration into git for backup purposes.

      These days, I snapshot EBS volumes for backup.

      In the interests of security, I would like to rotate the sensitive files in the Jenkins configuration in order to help keep things secure. Those files appear to be:

      • secrets/hudson.util.Secret
      • secrets/master.key

      Can someone please advise me as to how I can safely rotate those keys while also keeping my Jenkins server running smoothly?

       

          [JENKINS-53176] How to safely rotate master.key and hudson.util.Secret?

          Stephen Connolly added a comment -

          Removing myself as assignee. My current work assignments do not provide sufficient bandwidth to review these issues and in the majority of cases I am only assigned by virtue of being the default assignee. For the credentials-api and scm-api related plugins I have permission to allocate time reviewing changes to these APIs themselves to ensure these APIs remain cohesive, but that can be handled through PR reviews rather than assigning issues in JIRA

          Stephen Connolly added a comment - Removing myself as assignee. My current work assignments do not provide sufficient bandwidth to review these issues and in the majority of cases I am only assigned by virtue of being the default assignee. For the credentials-api and scm-api related plugins I have permission to allocate time reviewing changes to these APIs themselves to ensure these APIs remain cohesive, but that can be handled through PR reviews rather than assigning issues in JIRA

          Jon B added a comment -

          Could someone at CloudBees please comment on this?

          Jon B added a comment - Could someone at CloudBees please comment on this?

          Jesse Glick added a comment -

          Just delete the secrets/ directory.

          Jesse Glick added a comment - Just delete the secrets/ directory.

            Unassigned Unassigned
            piratejohnny Jon B
            Votes:
            2 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: