Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-27486

Workflow step to mask console output

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: pipeline
    • Labels:
      None
    • Similar Issues:

      Description

      We want to have a block statement that allows sensitive tokens to be masked from the console output inside the body, such as:

      maskPassword("s3cr3t!") {
        echo "Hello s3cr3t!" // this should produce "Hello ***********" or something
      }
      

      The exact syntax can be anything, but the above one would prove the concept that this can be done in a composable manner.

        Attachments

          Issue Links

            Activity

            Hide
            jglick Jesse Glick added a comment -

            Would like the Mask Passwords plugin to be able to do this via SimpleBuildWrapper; and BindingStep in the Credentials Binding plugin should also do this.

            Show
            jglick Jesse Glick added a comment - Would like the Mask Passwords plugin to be able to do this via SimpleBuildWrapper ; and BindingStep in the Credentials Binding plugin should also do this.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java
            http://jenkins-ci.org/commit/credentials-binding-plugin/6673cd9dde0bf13682852a502b56eca64a26b4e9
            Log:
            JENKINS-27486 Reproduced problem in test.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java http://jenkins-ci.org/commit/credentials-binding-plugin/6673cd9dde0bf13682852a502b56eca64a26b4e9 Log: JENKINS-27486 Reproduced problem in test.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            pom.xml
            src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java
            src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java
            http://jenkins-ci.org/commit/credentials-binding-plugin/9d48a1036801612e02d8642211e9b188bd804f79
            Log:
            [FIXED JENKINS-27486] Mask passwords accidentally sent to log.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: pom.xml src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStepTest.java http://jenkins-ci.org/commit/credentials-binding-plugin/9d48a1036801612e02d8642211e9b188bd804f79 Log: [FIXED JENKINS-27486] Mask passwords accidentally sent to log.
            Hide
            michaellihs Michael Lihs added a comment -

            Hi Jesse Glick,

            since this seems to be resolved, could you please provide a link to some documentation on how to use it? From what I see in the linked commits, this only works with the WithCredentials step - which is not what had been asked for in this issue (and is not what I need) - hence I am asking whether the requirement in the description has been met or not.

            I also posted a question on SO, which might make things clearer: https://stackoverflow.com/questions/52551232/hiding-passwords-in-jenkins-pipeline-log-output-without-using-withcredentials

            Thanks a lot for your work and your help!

            Michael

            Show
            michaellihs Michael Lihs added a comment - Hi Jesse Glick , since this seems to be resolved, could you please provide a link to some documentation on how to use it? From what I see in the linked commits, this only works with the WithCredentials step - which is not what had been asked for in this issue (and is not what I need) - hence I am asking whether the requirement in the description has been met or not. I also posted a question on SO, which might make things clearer: https://stackoverflow.com/questions/52551232/hiding-passwords-in-jenkins-pipeline-log-output-without-using-withcredentials Thanks a lot for your work and your help! Michael
            Hide
            jglick Jesse Glick added a comment -
            Show
            jglick Jesse Glick added a comment - See JENKINS-36007 .

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                kohsuke Kohsuke Kawaguchi
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: