Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43263

Credentials usage tracking completely redacts secrets causing false duplicate tracking

    Details

    • Similar Issues:

      Description

      If you are using folder scoped credentials with the same ID and same description (only differing based on the secret) then the usage tracking will track incorrectly as the secrets are completely redacted instead of being replaced with a hash (either of the secret and the store or of just the store).

      This can also show up when the secret is updated as the tracking of usage will continue against the original secret value (though this could be considered useful too)

        Attachments

          Issue Links

            Activity

            stephenconnolly Stephen Connolly created issue -
            stephenconnolly Stephen Connolly made changes -
            Field Original Value New Value
            Link This issue is related to JENKINS-44171 [ JENKINS-44171 ]
            stephenconnolly Stephen Connolly made changes -
            Link This issue is related to JENKINS-41817 [ JENKINS-41817 ]
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Stephen Connolly
            Path:
            src/main/java/com/cloudbees/plugins/credentials/CredentialsStoreAction.java
            http://jenkins-ci.org/commit/credentials-plugin/9983413e8ff390c13a14aa96a3fc35f22a3f7204
            Log:
            [FIXED JENKINS-43263] Mix a hash of the secret value into the fingerprint to remove false duplicate usage tracking

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/com/cloudbees/plugins/credentials/CredentialsStoreAction.java http://jenkins-ci.org/commit/credentials-plugin/9983413e8ff390c13a14aa96a3fc35f22a3f7204 Log: [FIXED JENKINS-43263] Mix a hash of the secret value into the fingerprint to remove false duplicate usage tracking
            scm_issue_link SCM/JIRA link daemon made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            stephenconnolly Stephen Connolly made changes -
            Status Resolved [ 5 ] Closed [ 6 ]

              People

              • Assignee:
                stephenconnolly Stephen Connolly
                Reporter:
                stephenconnolly Stephen Connolly
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: