Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-62351

Improve master key encryption


    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Major Major
    • core

      Actually, the master key is encrypted with the size limit of 128bits due to the restriction of old java versions.

      This restriction was lifted in Java 9 and 11, and after JDK8u162.

      To improve security of all secrets in Jenkins, I purpose to increase the limit of this key.


      Because all companies has different security policies, it might be nice to let the administrator of Jenkins choose wich algorithm he want to use to encrypt Jenkins secrets. Actually it is hard coded.


      Would anyone have any opinion on that?


      This improvement can be applied to the credentials-plugin too.


      Update : relation with JENKINS-61373


            Unassigned Unassigned
            mat1e mat1e
            0 Vote for this issue
            1 Start watching this issue