-
Bug
-
Resolution: Unresolved
-
Minor
-
Jenkins 2.235.5
Since last update to Jenkins 2.235.5 it starts to randomly mask necessary info in the outputs.
Masked information includes: dates, comments, random number sequences, hosts, url's.
[JENKINS-63571] Jenkins 2.235.5 mask random data
No, mask-password plugin is not installed, Ec2 plugin was the only plugin updated.
Should i install mask-password plugin ?
I don't think additional plugins should be installed until the cause of the change is understood. The credentials binding plugin is also able to mask secrets. You might check if that plugin is being used in your environment.
Hey Mark, thanks for you reply. Yes credentials binding plugin is installed !
Denys
added a comment - pablodemian Have you solved your problem? I have the same problem after updating.
Denys
added a comment - pablodemian Have you solved your problem? I have the same problem after updating. 
Denys
added a comment - pablodemian Watch this JENKINS-63618 . This is my case. markewaite I believe that if some string is used in credentials, that string is masked, whenever found.
My pipeline:
pipeline {
agent any
environment {
SERVER = 'http://server.mycompany.com:9000'
}
stages {
stage('Do the job') {
steps {
script {
withCredentials([usernamePassword(credentialsId: 'SOME_CREDENTIALS_ID',
passwordVariable: 'ACCESS_KEY', // "mycompany"
usernameVariable: 'SECRET_KEY')]) // "mycompany"
{
def my_secret_params = '$ACCESS_KEY $SECRET_KEY' // to prevent insecure interpolation
def my_script = """#!/bin/bash -e
echo mc config host add minio ${SERVER} ${my_secret_params}
"""
sh label: 'Run', script: my_script
}
}
}
}
}
}
[Pipeline] sh (Run) Warning: A secret was passed to "sh" using Groovy String interpolation, which is insecure. Affected argument(s) used the following variable(s): [SECRET_KEY, ACCESS_KEY] See https://jenkins.io/redirect/groovy-string-interpolation for details. mc config host add minio http://server.****.com:9000 **** ****
The string "mycompany" was replaced as a part of URL with "****".
If I change the url to have "my-company" in it, the pipeline runs with no warnings.
[Pipeline] withCredentials
Masking supported pattern matches of $SECRET_KEY or $ACCESS_KEY
[Pipeline] {
[Pipeline] sh (Run)
mc config host add minio http://server.my-company.com:9000 **** ****
efo plo
added a comment - - edited markewaite I believe that if some string is used in credentials, that string is masked, whenever found.
My pipeline:
pipeline {
agent any
environment {
SERVER = 'http: //server.mycompany.com:9000'
}
stages {
stage( 'Do the job' ) {
steps {
script {
withCredentials([usernamePassword(credentialsId: 'SOME_CREDENTIALS_ID' ,
passwordVariable: 'ACCESS_KEY' , // "mycompany"
usernameVariable: 'SECRET_KEY' )]) // "mycompany"
{
def my_secret_params = '$ACCESS_KEY $SECRET_KEY' // to prevent insecure interpolation
def my_script = """#!/bin/bash -e
echo mc config host add minio ${SERVER} ${my_secret_params}
"""
sh label: 'Run' , script: my_script
}
}
}
}
}
}
[Pipeline] sh (Run)
Warning: A secret was passed to "sh" using Groovy String interpolation, which is insecure.
Affected argument(s) used the following variable(s): [SECRET_KEY, ACCESS_KEY]
See https: //jenkins.io/redirect/groovy-string-interpolation for details.
mc config host add minio http: //server.****.com:9000 **** ****
The string "mycompany" was replaced as a part of URL with "****".
If I change the url to have "my-company" in it, the pipeline runs with no warnings.
[Pipeline] withCredentials
Masking supported pattern matches of $SECRET_KEY or $ACCESS_KEY
[Pipeline] {
[Pipeline] sh (Run)
mc config host add minio http: //server.my-company.com:9000 **** ****
I believe that a plugin is required for that type of masking. Did your change to Jenkins 2.235.5 also upgrade the mask passwords plugin or other plugins?