I need to hide the arguments from jenkins log

Question

I need to build docker image with set of attributes through Jenkins, i also need to pass my private key as a argument, but while build the image i am getting the private key in my Jenkins log. I need to get rid of it and i need only the image build logs, anyone please help me on this

docker build --build-arg SSH_PRIVATE_KEY=$(cat ~/.ssh/id_rsa)-t ${REGISTRY}/${APPLICATION_NAME}:PR-${CHANGE_ID} .

Answer 1

Try using MaskPasswordWrapper, it would successfully mask all the variables that are specified throughout the jenkins console log.

Plugin Link: https://wiki.jenkins.io/display/JENKINS/Mask+Passwords+Plugin

script{
    san7ket = 'lololol'
    wrap([$class: 'MaskPasswordsBuildWrapper', varMaskRegexes: [[regex: '(.)']], varPasswordPairs: [[var: 'sjagtap', var:'a']]]) {
    // some block
    echo san7ket
    echo a
}    
}

Output:

[Pipeline] script
[Pipeline] {
[Pipeline] wrap
[Pipeline] {
[Pipeline] echo
********************************************************
[Pipeline] echo
****************************************************************************************
[Pipeline] }
[Pipeline] // wrap
[Pipeline] }
[Pipeline] // script

Answer 2

As mentioned by @David

You shouldn't pass ssh keys into your build sequence like this at all

But to answer your question, modify the bash script and it will not display the content your ssh-key.

set +x
docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)" -t ssha .
set -x

you will not able to see the ssh_key during the build time, but it will be set, you can verify

docker run --rm ssha bash -c "cat ~/.ssh/id_rsa"