Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64552

ssh-steps-plugin doesn't allow credentials passed without string interpolation

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • ssh-steps-plugin
    • None

      Hello,

      I have the following pipeline stage, which works great:

      stage('Database') {
  steps {
    script {
      remote = createDeployRemote()

      withCredentials([
        usernamePassword(credentialsId: "credential-id", usernameVariable: 'THE_USERNAME', passwordVariable: 'THE_PASSWORD')
      ]) {
        sshCommand remote: remote,
          command: """
            somecommand \
              --username="${THE_USERNAME}" \
              --password="${THE_PASSWORD}"
          """
      }
    }
  }
}

      Jenkins complaints with the following warning:

      Warning: A secret was passed to "sshCommand" using Groovy String interpolation, which is insecure.

Affected argument(s) used the following variable(s): [THE_USERNAME, THE_PASSWORD]

See https://jenkins.io/redirect/groovy-string-interpolation for details.

      I've changed my code to the following:

      stage('Database') {
  environment {
    THE_CREDS = credentials("credential-id")
  }

  steps {
    script {
      remote = createDeployRemote()

      sshCommand remote: remote,
        command: """
          printenv

          somecommand \
              --username="\$THE_CREDS_USR" \
              --password="\$THE_CREDS_PSW"
        """
    }
  }
}

      It seems that this plugin doesn't pass any of the environment variables to the remote machine.

      I think there should be an option to pass all or some pre-defined environment variables to `sshCommand`.

            nrayapati Naresh Rayapati
            fabiang Fabian Grutschus
            Votes:
            7 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated: