[JENKINS-61808] Always encrypt f:password values, not just those backed by Secret - Jenkins Jira

XML

Word

Printable

Details

Type: Improvement
Status: Resolved (View Workflow)
Priority: Minor
Resolution: Fixed
Component/s: core
Labels:
- security

Similar Issues:

Show
Released As:
2.236

Description

Too many people get the Secret getters wrong. What if we just always returned a Secret, and had a StringConverter to handle submitted secrets and transparently decrypt again?

This would eliminate this class of problem. Only storage would really need to be done as Secret, but the internal API types wouldn't matter so much.

Test cases need to include String typed encrypted secrets, and unmatched getter/setter types.

Attachments

Issue Links

causes

JENKINS-63500 JENKINS-61808 breaks doc generation for build and input steps

Open

JENKINS-63499 Configuration of password parameters broken in Declarative Pipelines in Jenkins 2.236+

Resolved

JENKINS-62305 Error "hudson.model.PasswordParameterValue.value expects class hudson.util.Secret" since 2.236

Resolved

JENKINS-63516 Use of password parameters with the input step broken in Jenkins 2.236+

Resolved

links to

jenkins #4630

Activity

There are no comments yet on this issue.

People

Assignee:: Daniel Beck

Reporter:: Daniel Beck

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2020-04-04 00:44

Updated:: 2020-08-26 18:54

Resolved:: 2020-05-19 22:15