CODEWITHSUNDEEP
groovyjenkins-pipeline
user1365697
user1365697

Reputation: 5989

How to hidden password from groovy tp bash?

stages {
    stage('Get Clone ') {
        steps {
     sh """

               ./scripts/login_to_cf.sh  -user ${params.USERNAME} -password ${params.PASSWORD} -           
            """         

            }
        }
    }

When I call to the script I can see the password . How it could be hidden or secured ?

Upvotes: 2

Views: 1013

Answers (1)

Szymon Stepniak
Szymon Stepniak

Reputation: 42184

You should use Jenkins Credentials Binding Plugin. First, you need to add credentials. To do so go to your Jenkins job folder and click on Credentials on the left sidebar. Next click on (global) credentials domain and click on Add credentials. Choose Username with password credentials type and pass your username and password.

enter image description here

You can keep ID field empty - Jenkins will generate UUID in place, so when you add it, go to Edit view of the credentials so you can copy credentials ID.

Now you can use this username and password in Jenkins jobs located in the folder. In Jenkins pipeline you use withCredentials() step to inject credentials. Take a look at the following exemplary pipeline:

pipeline {
    agent any 

    stages {
        stage("Test") {
            steps {
                withCredentials([usernamePassword(credentialsId: '2480f22e-52b4-40df-a6f4-ab346769d694', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
                    sh "echo --help -u $USERNAME -p $PASSWORD"
                }
            }
        }
    }
}

In this example, I inject credentials with ID 2480f22e-52b4-40df-a6f4-ab346769d694 and I store username in USERNAME variable, and password in PASSWORD variable. The good thing about using withCredentials() is that Jenkins takes care of replacing username and password with **** in the console log, so your password does not leak with the console log. (It only affects the console log and the command you execute receives correct credentials.)

[Pipeline] node
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Test)
[Pipeline] withCredentials
[Pipeline] {
[Pipeline] sh
+ echo --help -u **** -p ****
--help -u **** -p ****
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Terminated
Finished: SUCCESS

Upvotes: 1

Related Questions