Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-65078

Define API to mask out-of-scope credentials

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      The credentials-binding-plugin currently installs logfilters that take care of masking secrets while logging.
      However this is only applied to secrets that are currently bound.

      If the secret is stored into a variable and printed later it will not be masked.
      (or the secret is part of an exceptions message)
      It would be nice to have a way to either
      a) Mask secrets that were in scope before, but are not anymore
      b) Explicitly mask secrets inside a given string before passing it out of the current scope

      Note: This is not meant to protect against intentional misuse but to make it easier for pipeline authors to write non-leaking pipelines.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              t8ch Thomas WeiƟschuh
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated: