-
Bug
-
Resolution: Won't Do
-
Major
-
None
In our Jenkins pipeline script we pass sensitive environment variables into the pod which come out of the job parameters.
This sensitive information is unfortunately disclosed via the log.
#459 / JENKINS-57116 introduced the option showRawYaml but this does not seem to take effect within a Jenkins pipeline when using podTemplate(showRawYaml: false, ...)
Would be great to make this available.
- relates to
-
JENKINS-43814 Password parameters should be hidden in pipeline logs by default
-
- Open
-
[JENKINS-57717] showRawYaml doesn't work inside podTemplate
Oliver Nocon
added a comment - Thank you for your feedback, we are exactly on this version.
I see the respective checkbox in Jenkins system configuration.
When calling via pipeline script I was not able to get it working. When looking into
I am not able to find the respective setter but maybe there is a misunderstanding on my side and there is something else I overlooked ...
Oliver Nocon
added a comment - Thank you for your feedback, we are exactly on this version.
I see the respective checkbox in Jenkins system configuration.
When calling via pipeline script I was not able to get it working. When looking into
https://github.com/jenkinsci/kubernetes-plugin/blob/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStep.java
I am not able to find the respective setter but maybe there is a misunderstanding on my side and there is something else I overlooked ... I see, it is implemented for global templates but not for Jenkinsfiles
Oliver Nocon
added a comment - addressed via https://github.com/jenkinsci/kubernetes-plugin/pull/519
Oliver Nocon
added a comment - addressed via https://github.com/jenkinsci/kubernetes-plugin/pull/519 What was addressed exactly?
To go back to the original description:
we pass sensitive environment variables into the pod which come out of the job parameters
Can you be more specific please? The credentials-binding and kubernetes plugins automatically mask secrets from the log coming from withCredentials and Kubernetes Secret mounts, respectively. Provide a complete, self-contained job definition which demonstrates your issue.
Oliver Nocon
added a comment - PR addressed the issue that showRawYaml: false did not take effect inside a Jenkinsfile.
It has been merged, thus the issue can be closed.
Issue was in a job with a password parameter. When passing this parameter as env variable to the pod: name and value (taken from the password parameter) were printed to the log. Now, using showRawYaml: false this can be prevented.
Oliver Nocon
added a comment - PR addressed the issue that showRawYaml: false did not take effect inside a Jenkinsfile.
It has been merged, thus the issue can be closed.
Issue was in a job with a password parameter. When passing this parameter as env variable to the pod: name and value (taken from the password parameter) were printed to the log. Now, using showRawYaml: false this can be prevented. When passing this parameter as env variable to the pod: name and value (taken from the password parameter)
There is no supported way to do this currently: JENKINS-43814
showRawYaml is in 1.15.4, what version are you using?