Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61808

Always encrypt f:password values, not just those backed by Secret

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • 2.236

      Too many people get the Secret getters wrong. What if we just always returned a Secret, and had a StringConverter to handle submitted secrets and transparently decrypt again?

      This would eliminate this class of problem. Only storage would really need to be done as Secret, but the internal API types wouldn't matter so much.

      Test cases need to include String typed encrypted secrets, and unmatched getter/setter types.

          [JENKINS-61808] Always encrypt f:password values, not just those backed by Secret

          There are no comments yet on this issue.

            danielbeck Daniel Beck
            danielbeck Daniel Beck
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: