Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-37201

Do not store retrived secrets in build.xml.

    Details

    • Similar Issues:

      Description

      I've tried to use hashicorp-vault-plugin with Jenkins 2.9 and found out that retrived secrets are stored in build.xml like others env vars.

        Attachments

          Activity

          Hide
          tobilarscheid Tobias Larscheid added a comment -

          Probably this only happens if you use the plugin on build level and not as a wrapper in a Jenkinsfile script?

          Show
          tobilarscheid Tobias Larscheid added a comment - Probably this only happens if you use the plugin on build level and not as a wrapper in a Jenkinsfile script?
          Hide
          muddyb0y Raphael Pigulla added a comment -

          The secrets are still being shown in the build log, e.g. when passing them to Docker via --env MY_PASS=${PASS_FROM_VAULT}

          Show
          muddyb0y Raphael Pigulla added a comment - The secrets are still being shown in the build log, e.g. when passing them to Docker via --env MY_PASS=${PASS_FROM_VAULT }
          Hide
          tobilarscheid Tobias Larscheid added a comment -

          Hi Raphael Pigulla, I already solved this: https://github.com/jenkinsci/hashicorp-vault-plugin/pull/2

          The new version is however still not in the jenkins plugin repo... Peter Tierno knows more about this.

          Show
          tobilarscheid Tobias Larscheid added a comment - Hi Raphael Pigulla , I already solved this: https://github.com/jenkinsci/hashicorp-vault-plugin/pull/2 The new version is however still not in the jenkins plugin repo... Peter Tierno knows more about this.
          Hide
          muddyb0y Raphael Pigulla added a comment - - edited

          Ah, thanks for the update. In the meantime I've used the mask-passwords plugin which gets the job done but one has to be very careful not to miss anything. So looking forward to the new release

          Show
          muddyb0y Raphael Pigulla added a comment - - edited Ah, thanks for the update. In the meantime I've used the mask-passwords plugin which gets the job done but one has to be very careful not to miss anything. So looking forward to the new release
          Hide
          ptierno Peter Tierno added a comment -

          This has been released in v1.3. Should be available via updatce center soon.

          Show
          ptierno Peter Tierno added a comment - This has been released in v1.3. Should be available via updatce center soon.

            People

            • Assignee:
              ptierno Peter Tierno
              Reporter:
              meshok0 Alexey Kukushkin
            • Votes:
              2 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: