Jenkins / JENKINS-67074

credentials-binding-plugin reveals secrets


      Description

      The credentials-binding-plugin tries to hide its secrets from the Jenkins log. I presume the algorithm is to do a simple replace on the known passwords with ****.

      The trouble is, if you want to use that password to pass to git... as in...

       

      git clone https://${MYUSER}:${MYPASS}@bitbucket.org/myproject/myrepository
       
      

      that doesn't work because MYPASS has to be url encoded... so what one does is something like:

      git clone https://${MYUSER}:`echo -n "$MYPASS" | jq -sRr @uri`@bitbucket.org/myproject/myrepository

      This now works BUT since your password is now URL encoded, the secret hiding algorithm will now reveal it in the log.

      I suppose the simplest solution to this is to mask not only the password, but the url encoded password too.

            People

            Assignee: Unassigned
            Reporter: xpusostomos Chris
            Votes: 1
            Watchers: 3
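
The masking gap described in this issue, and the suggested fix of also masking the URL-encoded form, as an added Python sketch; it is not the credentials-binding-plugin's code. `naive_mask` models the literal replace the reporter presumes, the secret, user name and log line are constructed sample values, and the sketch goes slightly beyond the report by also covering `+`-for-space and lowercase-hex encodings.

```python
import re
from urllib.parse import quote, quote_plus

MASK = "****"

def naive_mask(line, secrets):
    """Model of literal-only masking: replace each exact secret value."""
    for s in secrets:
        line = line.replace(s, MASK)
    return line

def variants(secret):
    """Return the secret plus the percent-encoded spellings it can take in a URL."""
    encoded = {quote(secret, safe=""), quote_plus(secret, safe="")}
    # Hex digits in percent-encoding are case-insensitive, so cover lowercase too.
    lowered = {re.sub(r"%[0-9A-F]{2}", lambda m: m.group(0).lower(), e)
               for e in encoded}
    return {secret} | encoded | lowered

def mask(line, secrets):
    """Mask every known spelling of every secret, longest spelling first."""
    forms = sorted({f for s in secrets for f in variants(s) if f},
                   key=len, reverse=True)
    if not forms:
        return line
    pattern = re.compile("|".join(re.escape(f) for f in forms))
    return pattern.sub(MASK, line)

# Constructed sample values (not real credentials or real log output).
SECRET = "p@ss/w0rd:1"
ENCODED = quote(SECRET, safe="")  # same character set that jq's @uri escapes
LOG_LINE = ("+ git clone https://builduser:" + ENCODED +
            "@bitbucket.org/myproject/myrepository")

if __name__ == "__main__":
    print("literal-only:", naive_mask(LOG_LINE, [SECRET]))  # encoded secret survives
    print("with variants:", mask(LOG_LINE, [SECRET]))       # encoded secret masked
```
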
