-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
Credentials Binding Plugin 1.27
Jenkins 2.317
I have a jenkins pipeline where I have something like this:
withCredentials([sshUserPrivateKey(credentialsId: credentialsId, keyFileVariable: 'sshKeyFile' , usernameVariable: 'userName')]) { sshCommand remote: [ user: userName , identityFile: sshKeyFile ... ], command: "some cmd" }
For every execution of ssh command using sshCommand step I see in job log:
Masking supported pattern matches of $sshKeyFile
Would be nice to have option to suppress these messages as for many executions of sshCommand log looks ugly.
[JENKINS-66991] Always getting "Masking supported pattern matches of" message in job log
Vlad Uros
created issue -
Vlad Uros
made changes -
| Description |
Original:
I have a jenkins pipeline where I have something like this:
withCredentials([sshUserPrivateKey(credentialsId: credentialsId, keyFileVariable: 'sshKeyFile' , usernameVariable: 'userName')]) { sshCommand remote: [ user: userName , identityFile: sshKeyFile ... ], command: "some cmd" } For everhy execution of ssh command using sshCommand step I see in job log: Masking supported pattern matches of $sshKeyFile Would be nice to have option to supress these messages as for many executions of sshCommand log looks ugly. |
New:
I have a jenkins pipeline where I have something like this:
{quote}withCredentials([sshUserPrivateKey(credentialsId: credentialsId, keyFileVariable: 'sshKeyFile' , usernameVariable: 'userName')]) { sshCommand remote: [ user: userName , identityFile: sshKeyFile ... ], command: "some cmd" }{quote} For everhy execution of ssh command using sshCommand step I see in job log: Masking supported pattern matches of $sshKeyFile Would be nice to have option to supress these messages as for many executions of sshCommand log looks ugly. |
Vlad Uros
made changes -
| Description |
Original:
I have a jenkins pipeline where I have something like this:
{quote}withCredentials([sshUserPrivateKey(credentialsId: credentialsId, keyFileVariable: 'sshKeyFile' , usernameVariable: 'userName')]) { sshCommand remote: [ user: userName , identityFile: sshKeyFile ... ], command: "some cmd" }{quote} For everhy execution of ssh command using sshCommand step I see in job log: Masking supported pattern matches of $sshKeyFile Would be nice to have option to supress these messages as for many executions of sshCommand log looks ugly. |
New:
I have a jenkins pipeline where I have something like this:
bq. withCredentials([sshUserPrivateKey(credentialsId: credentialsId, keyFileVariable: 'sshKeyFile' , usernameVariable: 'userName')]) { bq. sshCommand remote: [ user: userName , identityFile: sshKeyFile ... ], command: "some cmd" bq. } For everhy execution of ssh command using sshCommand step I see in job log: Masking supported pattern matches of $sshKeyFile Would be nice to have option to supress these messages as for many executions of sshCommand log looks ugly. |
Vlad Uros
made changes -
| Description |
Original:
I have a jenkins pipeline where I have something like this:
bq. withCredentials([sshUserPrivateKey(credentialsId: credentialsId, keyFileVariable: 'sshKeyFile' , usernameVariable: 'userName')]) { bq. sshCommand remote: [ user: userName , identityFile: sshKeyFile ... ], command: "some cmd" bq. } For everhy execution of ssh command using sshCommand step I see in job log: Masking supported pattern matches of $sshKeyFile Would be nice to have option to supress these messages as for many executions of sshCommand log looks ugly. |
New:
I have a jenkins pipeline where I have something like this:
{{withCredentials([sshUserPrivateKey(credentialsId: credentialsId, keyFileVariable: 'sshKeyFile' , usernameVariable: 'userName')]) { sshCommand remote: [ user: userName , identityFile: sshKeyFile ... ], command: "some cmd" }}} For everhy execution of ssh command using sshCommand step I see in job log: Masking supported pattern matches of $sshKeyFile Would be nice to have option to supress these messages as for many executions of sshCommand log looks ugly. |
Vlad Uros
made changes -
| Description |
Original:
I have a jenkins pipeline where I have something like this:
{{withCredentials([sshUserPrivateKey(credentialsId: credentialsId, keyFileVariable: 'sshKeyFile' , usernameVariable: 'userName')]) { sshCommand remote: [ user: userName , identityFile: sshKeyFile ... ], command: "some cmd" }}} For everhy execution of ssh command using sshCommand step I see in job log: Masking supported pattern matches of $sshKeyFile Would be nice to have option to supress these messages as for many executions of sshCommand log looks ugly. |
New:
I have a jenkins pipeline where I have something like this:
{code:java} withCredentials([sshUserPrivateKey(credentialsId: credentialsId, keyFileVariable: 'sshKeyFile' , usernameVariable: 'userName')]) { sshCommand remote: [ user: userName , identityFile: sshKeyFile ... ], command: "some cmd" } {code} For everhy execution of ssh command using sshCommand step I see in job log: Masking supported pattern matches of $sshKeyFile Would be nice to have option to supress these messages as for many executions of sshCommand log looks ugly. |
Vlad Uros
made changes -
| Description |
Original:
I have a jenkins pipeline where I have something like this:
{code:java} withCredentials([sshUserPrivateKey(credentialsId: credentialsId, keyFileVariable: 'sshKeyFile' , usernameVariable: 'userName')]) { sshCommand remote: [ user: userName , identityFile: sshKeyFile ... ], command: "some cmd" } {code} For everhy execution of ssh command using sshCommand step I see in job log: Masking supported pattern matches of $sshKeyFile Would be nice to have option to supress these messages as for many executions of sshCommand log looks ugly. |
New:
I have a jenkins pipeline where I have something like this:
{code:java} withCredentials([sshUserPrivateKey(credentialsId: credentialsId, keyFileVariable: 'sshKeyFile' , usernameVariable: 'userName')]) { sshCommand remote: [ user: userName , identityFile: sshKeyFile ... ], command: "some cmd" } {code} For every execution of ssh command using sshCommand step I see in job log: Masking supported pattern matches of $sshKeyFile Would be nice to have option to suppress these messages as for many executions of sshCommand log looks ugly. |
Vlad Uros
added a comment - I just don't see a purpose of message "Masking supported pattern matches of..."
Is this some kind of warning or what?
I found a ticket to add warning if masked variable is used inside double quotes, but I think that's different message.
In my example I've tried something like
sh 'echo $sshKeyFile'
and it is properly masked, no warning but still I see "Masking supported pattern" message in job log.
Vlad Uros
added a comment - I just don't see a purpose of message "Masking supported pattern matches of..."
Is this some kind of warning or what?
I found a ticket to add warning if masked variable is used inside double quotes, but I think that's different message.
In my example I've tried something like
sh 'echo $sshKeyFile'
and it is properly masked, no warning but still I see "Masking supported pattern" message in job log. Vlad Uros
made changes -
| Assignee | New: Carroll Chiou [ carroll ] |
Kalle Niemitalo
added a comment - The credentials masking message was added in PR #55 and PR #59 for JENKINS-42950, to make users aware that the plugin recognizes and masks only some variations of the credential; a carelessly implemented pipeline can log the credential in a format that the plugin does not recognize and passes straight through.
I can imagine a few ways to change the plugin to allow suppressing these messages:
- Don't log these messages at all if a specific system property is set.
- Add an optional parameter to withCredentials.
- Add an optional parameter to sshUserPrivateKey.
- Remember which "Masking" messages have been output during the current run, and don't output identical ones again.
- Never mask the file name of sshUserPrivateKey.
Kalle Niemitalo
added a comment - The credentials masking message was added in PR #55 and PR #59 for JENKINS-42950 , to make users aware that the plugin recognizes and masks only some variations of the credential; a carelessly implemented pipeline can log the credential in a format that the plugin does not recognize and passes straight through.
I can imagine a few ways to change the plugin to allow suppressing these messages:
Don't log these messages at all if a specific system property is set.
Add an optional parameter to withCredentials.
Add an optional parameter to sshUserPrivateKey.
Remember which "Masking" messages have been output during the current run, and don't output identical ones again.
Never mask the file name of sshUserPrivateKey.
Is it even necessary to mask the file name at all? As opposed to the contents of the file.