Jenkins EC2 plugin prints private key contents in Jenkins log

This issue is archived. You can view it, but you can't modify it. Learn more

XMLWordPrintable

    • ec2-1.44, 1.42.1, 1.41.1

      The Jenkins EC2 plugin prints the contents of the private key into the main jenkins log when it spins up and connects to new slaves. Please can this information be excluded from the logging.

      I believe the line that needs to be changed is:

      https://github.com/jenkinsci/ec2-plugin/blob/master/src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java#L278-L279

      Example log output given below:

      Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: Getting keypair...
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2RetentionStrategy start
INFO: Start requested for Jenkins Generic Agents (i-092c20a865eed9e81)
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: Launching instance: i-092c20a865eed9e81
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: bootstrap()
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: Getting keypair...
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: Using key: my-jenkins-key
f1:xf:81:b4:d4:4f:49:1f:b2:f6:2a:hg:39:77:t4:4v
-----BEGIN RSA PRIVATE KEY-----
<PRIVATE KEY HERE>

            Assignee:
            Unassigned
            Reporter:
            Nicola Forbes
            Archiver:
            Jenkins Service Account

              Created:
              Updated:
              Resolved:
              Archived: