Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-20937

SCM password should not be recorded in build.xml in job's builds storage

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Component/s: m2release-plugin
    • Labels:
      None
    • Environment:
      Jenkins LTS 1.509.4, m2release plugin 0.13.0-SNAPSHOT
    • Similar Issues:

      Description

      The SCM credentials used/provided are recorded in the job's builds storage (in build.xml).

      <hudson.maven.MavenModuleSetBuild plugin="maven-plugin@1.509.4">
        <actions>
          ...
          <org.jvnet.hudson.plugins.m2release.M2ReleaseArgumentInterceptorAction plugin="m2release@0.13.0-SNAPSHOT">
            <goalsAndOptions>-DdevelopmentVersion=1.1.1-SNAPSHOT -DreleaseVersion=1.1.0 -Dusername=USERID -Dpassword=topsecret -Dresume=false release:prepare release:perform</goalsAndOptions>
          </org.jvnet.hudson.plugins.m2release.M2ReleaseArgumentInterceptorAction>
          ...
        </actions>
        ...
      </hudson.maven.MavenModuleSetBuild>
      

      This is not good as user passwords should be kept secret. Is there any reason for this to be stored?

        Attachments

          Activity

            People

            • Assignee:
              teilo James Nord
              Reporter:
              ahammar Anders Hammar
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: