Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-27389

credentials set via 'withCredentials' block isn't accesible from 'env'

    Details

    • Similar Issues:

      Description

      Unclear if it's in workflow or in credentials-binding plugin.

      During an engagement, I found that the following ugly but seemingly valid workflow script doesn't let me acess the value of the secret:

      def credential(name) {
        def v;
        withCredentials([[$class: 'StringBinding', credentialsId: name, variable: 'foo']]) {
            v = env.foo;
        }
        return v
      }
      
      node {
        echo credential("idOfSecretText")
      }
      

        Attachments

          Issue Links

            Activity

            kohsuke Kohsuke Kawaguchi created issue -
            Hide
            jglick Jesse Glick added a comment -

            Possibly related to JENKINS-26552 and changes in PR 41.

            Show
            jglick Jesse Glick added a comment - Possibly related to JENKINS-26552 and changes in PR 41.
            jglick Jesse Glick made changes -
            Field Original Value New Value
            Link This issue is related to JENKINS-26552 [ JENKINS-26552 ]
            kohsuke Kohsuke Kawaguchi made changes -
            Assignee Jesse Glick [ jglick ] Kohsuke Kawaguchi [ kohsuke ]
            jglick Jesse Glick made changes -
            Issue Type Improvement [ 4 ] Bug [ 1 ]
            Priority Minor [ 4 ] Major [ 3 ]
            Labels workflow
            Component/s credentials-binding-plugin [ 18129 ]
            Component/s workflow-plugin [ 18820 ]
            jglick Jesse Glick made changes -
            Assignee Kohsuke Kawaguchi [ kohsuke ] Jesse Glick [ jglick ]
            jglick Jesse Glick made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "PR 6 (Web Link)" [ 12201 ]
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java
            http://jenkins-ci.org/commit/credentials-binding-plugin/82c0d5e025abec7ec00b1179c46f9c9b3266c18a
            Log:
            JENKINS-27389 Reproduced problem in test.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java http://jenkins-ci.org/commit/credentials-binding-plugin/82c0d5e025abec7ec00b1179c46f9c9b3266c18a Log: JENKINS-27389 Reproduced problem in test.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            pom.xml
            src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java
            http://jenkins-ci.org/commit/credentials-binding-plugin/2fe481bbc1f7866448730fc3d89c66a246ebb14e
            Log:
            [FIXED JENKINS-27389] Confirming that fix of JENKINS-26552 solved this as well.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: pom.xml src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java http://jenkins-ci.org/commit/credentials-binding-plugin/2fe481bbc1f7866448730fc3d89c66a246ebb14e Log: [FIXED JENKINS-27389] Confirming that fix of JENKINS-26552 solved this as well.
            jglick Jesse Glick made changes -
            Status In Progress [ 3 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            CHANGES.md
            http://jenkins-ci.org/commit/workflow-plugin/8aba4d5b6c7236aaddbda7c69e89807c872add4f
            Log:
            JENKINS-27389 Noting.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: CHANGES.md http://jenkins-ci.org/commit/workflow-plugin/8aba4d5b6c7236aaddbda7c69e89807c872add4f Log: JENKINS-27389 Noting.
            Hide
            jglick Jesse Glick added a comment -

            Note that the originally suggested script is valid, but insecure: the secret will be persisted in plaintext in the build record while the build is in progress. (At the end of the build it will be deleted.) Idiomatic use of withCredentials would prevent this (see JENKINS-27631).

            Show
            jglick Jesse Glick added a comment - Note that the originally suggested script is valid, but insecure: the secret will be persisted in plaintext in the build record while the build is in progress. (At the end of the build it will be deleted.) Idiomatic use of withCredentials would prevent this (see JENKINS-27631 ).
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 161594 ] JNJira + In-Review [ 196809 ]
            abayer Andrew Bayer made changes -
            Labels workflow pipeline workflow
            abayer Andrew Bayer made changes -
            Labels pipeline workflow pipeline

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                kohsuke Kohsuke Kawaguchi
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: