Jenkins Website / WEBSITE-610

Fix documentation on what credentials masking actually is



    • Improvement
    • Status: Done
    • Minor
    • Resolution: Fixed
    • content
    • None



      This section has the following description:

       To maintain the security and anonymity of these credentials, if you attempt to retrieve the value of these credential variables from within the Pipeline (e.g. echo $AWS_SECRET_ACCESS_KEY), Jenkins only returns the value “***” to prevent secret information from being written to the console output and any logs. Any sensitive information in credential IDs themselves (such as usernames) are also returned as “***” in the Pipeline run’s output.

      This might lead users to believe credentials masking is a miracle cure when all it does is prevent accidental exposure. This needs to be clarified to explain the limitations: Anyone able to change Jenkins or build scripts will be able to transform the credentials into a form that won't get masked.

      See also https://github.com/jenkinsci/credentials-binding-plugin/blob/2a0d796a742ea089fcebfa1d8170326b420fbfe5/src/main/resources/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep/help.html#L51...L59


            danielbeck Daniel Beck created issue
            markewaite Mark Waite made changes: Assignee set to Mark Waite [ markewaite ]
            markewaite Mark Waite made changes: Status changed from To Do [ 10003 ] to In Progress [ 3 ]
            markewaite Mark Waite made changes: Remote Link: This issue links to "PR 2252 - clarify credentials masking (Web Link)" [ 22801 ]
            markewaite Mark Waite made changes: Resolution set to Fixed [ 1 ]; Status changed from In Progress [ 3 ] to Done [ 10004 ]
            kon Kalle Niemitalo made changes: Link: This issue relates to JENKINS-60962 [ JENKINS-60962 ]
            kon Kalle Niemitalo made changes: Link: This issue relates to JENKINS-54538 [ JENKINS-54538 ]


              markewaite Mark Waite
              danielbeck Daniel Beck
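
A simplified model of the limitation described in this issue, added here as an example and not taken from Jenkins or the credentials-binding plugin: masking is modelled as exact-match replacement, and a log audit then searches the masked output for a few encodings of the same secret that exact matching cannot catch. The secret, the log lines and all function names are constructed for illustration.

```python
import base64
import binascii

MASK = "***"  # placeholder string as quoted in the documentation excerpt above

def mask(log: str, secrets: list[str]) -> str:
    """Assumed model of console masking: replace exact occurrences only."""
    # Longest first, so a secret containing another secret is masked whole.
    for secret in sorted(secrets, key=len, reverse=True):
        if secret:
            log = log.replace(secret, MASK)
    return log

def encoded_variants(secret: str) -> dict[str, str]:
    """Encodings of the secret that an exact-match filter does not recognise.

    Only covers the secret encoded on its own; a secret encoded as part of a
    longer string produces different output and is not found by this check.
    """
    raw = secret.encode()
    return {
        "base64": base64.b64encode(raw).decode(),
        "hex": binascii.hexlify(raw).decode(),
        "reversed": secret[::-1],
    }

def audit(log: str, secret: str) -> list[tuple[int, str]]:
    """Return (line number, encoding) for each variant left in the masked log."""
    findings = []
    variants = encoded_variants(secret)
    for lineno, line in enumerate(mask(log, [secret]).splitlines(), start=1):
        for name, value in variants.items():
            if value in line:
                findings.append((lineno, name))
    return findings

# Constructed sample data, not a real credential or a real build log.
SECRET = "s3cr3t-EXAMPLE-value"
SAMPLE_LOG = "\n".join([
    "+ echo " + SECRET,
    "debug blob: " + base64.b64encode(SECRET.encode()).decode(),
    "debug blob: " + binascii.hexlify(SECRET.encode()).decode(),
    "Finished: SUCCESS",
])

if __name__ == "__main__":
    print(mask(SAMPLE_LOG, [SECRET]))
    for lineno, name in audit(SAMPLE_LOG, SECRET):
        print(f"line {lineno}: secret present in {name} form despite masking")
```

An empty audit result does not show that a log is clean, since the set of possible transformations is open-ended; limiting who can edit jobs and build scripts remains the actual control.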