Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-39317

force encryption of credentials

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: credentials-plugin
    • Labels:
      None
    • Environment:
      jenkins 2.19.1
      crendentials 2.18
      redhat linux 7+
    • Similar Issues:

      Description

      Hi,

      We're provisioning jenkins (a lot of) with preconfigured 'homes' including config.xml, a set of plugins, and some other xml configured things.
      We also provide the 'crendentials.xml' file, which when installed contain a set of clear passwords.

      we do not provide the 'secrets' folder ; we let each jenkins does its job at initial startup.

      Then, we rely on jenkins and this plugin' mechanism to do the encryption.

      Matter is : encryption do not happen unless a new credential is manually added, or an existing one is edited (change the comment for instance) or deleted.

      Would there be a way to force-trigger an initial encryption ? (maybe a flag somewhere telling explicitely : needs encryption at restart, or a REST entrypoint asking to re-encrypt )

      It's funny really because apparently JENKINS-27706 shows the opposite problem : double encrypted passwords

      thanks for reading !

        Attachments

          Issue Links

            Activity

            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Stephen Connolly
            Path:
            src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java
            src/main/java/com/cloudbees/plugins/credentials/CredentialsStore.java
            src/main/java/com/cloudbees/plugins/credentials/SystemCredentialsProvider.java
            src/main/java/com/cloudbees/plugins/credentials/UserCredentialsProvider.java
            http://jenkins-ci.org/commit/credentials-plugin/76f7838ee36f296ab780e021404d88b1fb3c8dc9
            Log:
            [FIXED JENKINS-39317] Provide a mechanism for forcing a save of all credential store

            • This method will only be available via Groovy scripting
            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java src/main/java/com/cloudbees/plugins/credentials/CredentialsStore.java src/main/java/com/cloudbees/plugins/credentials/SystemCredentialsProvider.java src/main/java/com/cloudbees/plugins/credentials/UserCredentialsProvider.java http://jenkins-ci.org/commit/credentials-plugin/76f7838ee36f296ab780e021404d88b1fb3c8dc9 Log: [FIXED JENKINS-39317] Provide a mechanism for forcing a save of all credential store This method will only be available via Groovy scripting
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Stephen Connolly
            Path:
            src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java
            src/main/java/com/cloudbees/plugins/credentials/CredentialsStore.java
            src/main/java/com/cloudbees/plugins/credentials/SystemCredentialsProvider.java
            src/main/java/com/cloudbees/plugins/credentials/UserCredentialsProvider.java
            http://jenkins-ci.org/commit/credentials-plugin/aa382a6c3e4971b7696049122293209124157c06
            Log:
            Merge pull request #73 from jenkinsci/jenkins-39317

            [FIXED JENKINS-39317] Provide a mechanism for forcing a save of all credential store

            Compare: https://github.com/jenkinsci/credentials-plugin/compare/2dbde368af34...aa382a6c3e49

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java src/main/java/com/cloudbees/plugins/credentials/CredentialsStore.java src/main/java/com/cloudbees/plugins/credentials/SystemCredentialsProvider.java src/main/java/com/cloudbees/plugins/credentials/UserCredentialsProvider.java http://jenkins-ci.org/commit/credentials-plugin/aa382a6c3e4971b7696049122293209124157c06 Log: Merge pull request #73 from jenkinsci/jenkins-39317 [FIXED JENKINS-39317] Provide a mechanism for forcing a save of all credential store Compare: https://github.com/jenkinsci/credentials-plugin/compare/2dbde368af34...aa382a6c3e49

              People

              Assignee:
              stephenconnolly Stephen Connolly
              Reporter:
              squalou squalou jenkins
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: