Reputation: 141
How to hide passwords on Jenkins console output?
I have a job to be triggered by developers where they have to put their AD's before triggering build. But thoes passwords are displayed on console output. I have tried mask passwords plugin. But the problem is I cannot store all developers AD's in job configuration.
Please suggest me any solution.
Upvotes: 1
Views: 4733
Answers (2)
Reputation: 31
Please find below my findings with solution [without using Mask Passwords plugin]:
Brief Description about my jenkins job: I wrote a job which downloads the artifacts from Nexus based on the parameters given at run-time and then makes a Database SQL connection and deploy the SQL scripts using maven flyway plugin. My job takes - Environment, Database Schema, Artifact version number, Flyway command, Database User and it's password as input parameters.
Brief Background about problem: While passing the PASSWORD as MAVEN GOAL (Parameter), it was coming in Jenkins Console as a plain text. Although I was using "Password Parameter" to pass the password at run-time but then also it was coming as plain text in console.
I tried to use the "secret text" to encrypt the password but then my job started failing because the encrypted password was getting passed to Maven Goals, which was not able to connect to DB.
Solution:
I used "Inject passwords to the build as environment variables" from Build Environment and defined its value as my "password parameter" (my password parameter name was db_password) which I am passing as parameter at run-time (eg.: I defined my inject password value as : ${db_password} ).
And this is working as expected. The password which I am passing while running my job is coming as [*******]
[console log: Executing Maven: -B -f /work/jenkins_data/workspace/S2/database-deployment-via-flyway-EDOS/pom.xml clean compile -Ddb=UAT_cms_core -DdatabaseSchema=cms-core -Dmode=info -DdeploymentVersion=1.2.9 -Ddb_user=DB_USER -Ddb_password=[*******] ]
Regards, Rohit Rajpoot
Upvotes: 1
Reputation: 387
Here's an answer I just came across in the Jenkins documentation:
Normally you will start your script with
set +xso that commands you run are not echoed to the log, in case you mention the values of secrets in those commands.
Upvotes: 0
Related Questions
- Hiding password in Jenkins pipeline script
- How to hide passwords in Jenkins console output?
- How to mask a password field in Jenkins Pipeline project?
- How to tell Jenkins build Console Logs to obfuscate passwords, preferably without a plugIn?
- Hiding passwords in Jenkins Pipeline log output without using WithCredentials
- How to mask parameters and password in Jenkins build history?
- Jenkins how to hide system level console output
- How to disable access to certain credentials in Jenkins pipeline
- How to hide password from jenkins shell output
- How to hide SSH username,password and private key in Jenkins