Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-27389

credentials set via 'withCredentials' block isn't accesible from 'env'

    Details

    • Similar Issues:

      Description

      Unclear if it's in workflow or in credentials-binding plugin.

      During an engagement, I found that the following ugly but seemingly valid workflow script doesn't let me acess the value of the secret:

      def credential(name) {
        def v;
        withCredentials([[$class: 'StringBinding', credentialsId: name, variable: 'foo']]) {
            v = env.foo;
        }
        return v
      }
      
      node {
        echo credential("idOfSecretText")
      }
      

        Attachments

          Issue Links

            Activity

            Hide
            jglick Jesse Glick added a comment -

            Possibly related to JENKINS-26552 and changes in PR 41.

            Show
            jglick Jesse Glick added a comment - Possibly related to JENKINS-26552 and changes in PR 41.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java
            http://jenkins-ci.org/commit/credentials-binding-plugin/82c0d5e025abec7ec00b1179c46f9c9b3266c18a
            Log:
            JENKINS-27389 Reproduced problem in test.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java http://jenkins-ci.org/commit/credentials-binding-plugin/82c0d5e025abec7ec00b1179c46f9c9b3266c18a Log: JENKINS-27389 Reproduced problem in test.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            pom.xml
            src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java
            http://jenkins-ci.org/commit/credentials-binding-plugin/2fe481bbc1f7866448730fc3d89c66a246ebb14e
            Log:
            [FIXED JENKINS-27389] Confirming that fix of JENKINS-26552 solved this as well.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: pom.xml src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java http://jenkins-ci.org/commit/credentials-binding-plugin/2fe481bbc1f7866448730fc3d89c66a246ebb14e Log: [FIXED JENKINS-27389] Confirming that fix of JENKINS-26552 solved this as well.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            CHANGES.md
            http://jenkins-ci.org/commit/workflow-plugin/8aba4d5b6c7236aaddbda7c69e89807c872add4f
            Log:
            JENKINS-27389 Noting.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: CHANGES.md http://jenkins-ci.org/commit/workflow-plugin/8aba4d5b6c7236aaddbda7c69e89807c872add4f Log: JENKINS-27389 Noting.
            Hide
            jglick Jesse Glick added a comment -

            Note that the originally suggested script is valid, but insecure: the secret will be persisted in plaintext in the build record while the build is in progress. (At the end of the build it will be deleted.) Idiomatic use of withCredentials would prevent this (see JENKINS-27631).

            Show
            jglick Jesse Glick added a comment - Note that the originally suggested script is valid, but insecure: the secret will be persisted in plaintext in the build record while the build is in progress. (At the end of the build it will be deleted.) Idiomatic use of withCredentials would prevent this (see JENKINS-27631 ).

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                kohsuke Kohsuke Kawaguchi
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: