Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-69781

DurableTaskStep experimental USE_WATCHING breaks secret masking

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • hashicorp-vault-plugin
    • None
    • jenkins/jenkins:lts-jdk11 (linux image deployed in k8s)
      workflow-durable-task-step-plugin 1199.v02b_9244f8064
      hashicorp-vault-plugin 356.ved18810a_b_828

      When using org.jenkinsci.plugins.workflow.steps.durable_task.DurableTaskStep.USE_WATCHING=true the sample will show the credentials instead of masking them.

      Sample:

      pipeline {
    agent {
        kubernetes {
        }
    }

    stages {
        stage('test') {
            steps {
                withVault(
                    [
                        [
                            path: 'some/path',
                            secretValues: [
                                [vaultKey: 'foo'],
                            ]
                        ]
                    ]
                ) {
                    sh 'echo $foo'
                }
            }
        }
    }
}

      Using kubernetes agent just for simplicity, but remote call is mandatory. When using controller node, masking is also done correctly.

      Sadly this setting gets enabled by a static code block in opentelemetry-plugin: https://github.com/jenkinsci/opentelemetry-plugin/blob/master/src/main/java/io/jenkins/plugins/opentelemetry/job/log/OtelLogStorageFactory.java#L50

            ptierno Peter Tierno
            scddev Dietmar Scheidl
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: