rpallela
Reputation: 11
Jenkins hide secrets in logs
I am seeing the following issues While secrets/passwords are redacted in jenkins console log, redirecting output to a file prints teh secrets / passwords in plain text even with mask passwords plugin enabled
Steps to reproduce: Create new freestyle job and do teh following steps
- Select 'Inject passwords to the build as environment variables'
- Select 'Global passwords'
- Select 'Mask password parameters';
- Add BuildStep 'Execute Shell'; In the shell enter
env 2>&1 | tee "log.log"
- Save the config
- Build
- Workspace
- List item
open log.log and you will see the passwords printed in plain text
Is there any way to hide passwords / secrets from redirected output?
Upvotes: 1
Views: 1003
Answers (1)
towel
Reputation: 2214
Unfortunately no. Once you redirect output to a file it's no longer managed by Jenkins and you have provide your own secret obfuscation.
Upvotes: 1
Related Questions
- Jenkins Hidden Parameters
- How to hide passwords in Jenkins console output?
- How to tell Jenkins build Console Logs to obfuscate passwords, preferably without a plugIn?
- Suppress sensitive information from Jenkins logs
- Jenkins: Hide job from anonymous users
- How to mask parameters and password in Jenkins build history?
- On Jenkins, is there a way to allow Build Logs to be viewed anonymously?
- Mask secret text password variable in Jenkins
- How to hide passwords on Jenkins console output?
- jenkins hide certain build parameters from general users