Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-39383

Vault Plugin should mask credentials in build log

    XMLWordPrintable

Details

    Description

      Currently, it is possible and even very well likely to unintentionally print credentials obtained with the vault plugin to the jenkins log. As a user of this plugin I would want the vault plugin to behave like the credentials binding plugin https://wiki.jenkins-ci.org/display/JENKINS/Credentials+Binding+Plugin and mask any passwords from the log.
      Our team would be willing to provide a PR.

      Attachments

        Activity

          ptierno Peter Tierno added a comment -

          tobilarscheid I was planning on adding this. If your team can provide a pr then that would be great.

          Thanks

          ptierno Peter Tierno added a comment - tobilarscheid I was planning on adding this. If your team can provide a pr then that would be great. Thanks

          ptierno PR is open: https://github.com/jenkinsci/hashicorp-vault-plugin/pull/2, let's further discuss it in github. Thank you!

          tobilarscheid Tobias Larscheid added a comment - ptierno PR is open: https://github.com/jenkinsci/hashicorp-vault-plugin/pull/2 , let's further discuss it in github. Thank you!

          Code changed in jenkins
          User: Peter Tierno
          Path:
          src/main/java/com/datapipe/jenkins/vault/MaskingConsoleLogFilter.java
          src/main/java/com/datapipe/jenkins/vault/VaultBuildWrapper.java
          src/test/java/com/datapipe/jenkins/vault/VaultBuildWrapperTest.java
          http://jenkins-ci.org/commit/hashicorp-vault-plugin/0781c2515a64ae6e53b0e9241ddaadcad1ddd431
          Log:
          Merge pull request #2 from tobilarscheid/master

          Fixes JENKINS-39383, JENKINS-37201

          Automatically mask credentials from build log

          Compare: https://github.com/jenkinsci/hashicorp-vault-plugin/compare/b8c7fcb19161...0781c2515a64

          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Peter Tierno Path: src/main/java/com/datapipe/jenkins/vault/MaskingConsoleLogFilter.java src/main/java/com/datapipe/jenkins/vault/VaultBuildWrapper.java src/test/java/com/datapipe/jenkins/vault/VaultBuildWrapperTest.java http://jenkins-ci.org/commit/hashicorp-vault-plugin/0781c2515a64ae6e53b0e9241ddaadcad1ddd431 Log: Merge pull request #2 from tobilarscheid/master Fixes JENKINS-39383 , JENKINS-37201 Automatically mask credentials from build log Compare: https://github.com/jenkinsci/hashicorp-vault-plugin/compare/b8c7fcb19161...0781c2515a64
          ptierno Peter Tierno added a comment -

          Fixed in PR #2

          ptierno Peter Tierno added a comment - Fixed in PR #2

          People

            ptierno Peter Tierno
            tobilarscheid Tobias Larscheid
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: