Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-20937

SCM password should not be recorded in build.xml in job's builds storage

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Major Major
    • m2release-plugin
    • None
    • Jenkins LTS 1.509.4, m2release plugin 0.13.0-SNAPSHOT

      The SCM credentials used/provided are recorded in the job's builds storage (in build.xml).

      <hudson.maven.MavenModuleSetBuild plugin="maven-plugin@1.509.4">
  <actions>
    ...
    <org.jvnet.hudson.plugins.m2release.M2ReleaseArgumentInterceptorAction plugin="m2release@0.13.0-SNAPSHOT">
      <goalsAndOptions>-DdevelopmentVersion=1.1.1-SNAPSHOT -DreleaseVersion=1.1.0 -Dusername=USERID -Dpassword=topsecret -Dresume=false release:prepare release:perform</goalsAndOptions>
    </org.jvnet.hudson.plugins.m2release.M2ReleaseArgumentInterceptorAction>
    ...
  </actions>
  ...
</hudson.maven.MavenModuleSetBuild>

      This is not good as user passwords should be kept secret. Is there any reason for this to be stored?

            Unassigned Unassigned
            ahammar Anders Hammar
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: