-
Bug
-
Resolution: Unresolved
-
Critical
When utilizing the "Mask Passwords Plugin" https://wiki.jenkins.io/display/JENKINS/Mask+Passwords+Plugin
In a Jenkins Pipeline Job as follows:
vaultlookupsecret = 'mysupersekr3tp@sswordstuffz' wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[var: 'vaultlookupsecret', password: vaultlookupsecret]], varMaskRegexes: []]) { script{ mystuff = sh(script: "/bin/bash script.sh -p \"${vaultlookupsecret}\" > output_upload.txt", returnStatus: true).toString().trim() } }
Within the "normal" jenkins job logs - this is properly masked as expected- and appears as follows:
+ /bin/bash script.sh -p ********
When viewing these same log(s) in the "BlueOcean" Pane - the top level step displays the commandline including the password in plaintext. When selecting the "dropdown" on this item within blueocean - the log display(s) the same commandline with the properly "masked" data.
Top Level/Label in Blue Ocean:
/bin/bash script.sh -p mysupersekr3tp@sswordstuffz
Drop-Down in Blue Ocean:
+ /bin/bash script.sh -p ********
I'm not sure if there is some configuration i need to make within BlueOcean, but "normal" logs are masked properly, it is only "BlueOcean" logs which seem unmasked (even though when selecting the drop-down - the log is again masked.
Version(s):
Jenkins 2.176.1
BlueOcean Plugin: 1.17.0
Mask Passwords Plugin 2.12.0
Note: I selected "componenets: core" as i "think" the BlueOcean Plugin is technically "core" now - and there isn't a component for "BlueOcean Specifically.
Hi,
I am facing the same issue but for me also the pipeline steps view (flowGraphTable) is affected and reveals all my sensitive data. I also tried using the log file filter plugin as well but the same behaviour could be observed.
The issue can be explored by using the following pipeline snippet:
node {
def someSecret = "someSecret"
wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: someSecret]]])
{ echo "Secret String: " + someSecret }}
The console + raw log is hiding the secret properly:
Blue Ocean UI reveals the secret inside the header:
Pipeline Steps View reveals secrets as well:
Is there anything I am doing wrong here or is there another approach recommended for hiding sensitive data? Any help to solve the issue is highly appreciated.
Best Regards,
Simon