-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
Critical
-
Component/s: hashicorp-vault-plugin
-
None
-
Environment:jenkins/jenkins:lts-jdk11 (linux image deployed in k8s)
workflow-durable-task-step-plugin 1199.v02b_9244f8064
hashicorp-vault-plugin 356.ved18810a_b_828
When using org.jenkinsci.plugins.workflow.steps.durable_task.DurableTaskStep.USE_WATCHING=true the sample will show the credentials instead of masking them.
Sample:
pipeline {
agent {
kubernetes {
}
}
stages {
stage('test') {
steps {
withVault(
[
[
path: 'some/path',
secretValues: [
[vaultKey: 'foo'],
]
]
]
) {
sh 'echo $foo'
}
}
}
}
}
Using kubernetes agent just for simplicity, but remote call is mandatory. When using controller node, masking is also done correctly.
Sadly this setting gets enabled by a static code block in opentelemetry-plugin: https://github.com/jenkinsci/opentelemetry-plugin/blob/master/src/main/java/io/jenkins/plugins/opentelemetry/job/log/OtelLogStorageFactory.java#L50
- links to
