Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-65076

Define API to mask out-of-scope credentials

XMLWordPrintable

      The credentials-binding-plugin currently installs logfilters that take care of masking secrets while logging.
      However this is only applied to secrets that are currently bound.

      If the secret is stored into a variable and printed later it will not be masked.
      (or the secret is part of an exceptions message)
      It would be nice to have a way to either
      a) Mask secrets that were in scope before, but are not anymore
      b) Explicitly mask secrets inside a given string before passing it out of the current scope

      Note: This is not meant to protect against intentional misuse but to make it easier for pipeline authors to write non-leaking pipelines.

          [JENKINS-65076] Define API to mask out-of-scope credentials

          Thomas Weißschuh created issue -
          Ian Williams made changes -
          Link New: This issue blocks JENKINS-65078 [ JENKINS-65078 ]
          Ian Williams made changes -
          Resolution New: Duplicate [ 3 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]

            Unassigned Unassigned
            t8ch Thomas Weißschuh
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: