Avoid printing passwords in Jenkins console

Time:08-21

We have a Jenkins stage which calls a "GetVMPassword" function from a library. The function returns a credential, which is used to log in to a remote server. We don't want to print the "ssh command" and the "calling a function command" and its response in the console logs. So we used ‘#!/bin/sh -e \n’ before every command, because printing them could reveal the remote server credentials in the console log. This was working when we didn't use a "parallel execution" block.

When we include "ssh command" and "calling a function command" inside "parallel execution" block, passwords are printed in console.

How can we avoid printing the library command and its response when we use a "parallel execution" block?

This is a snippet of my stage and parallel execution block. StageLog

Jenkins Version: 2.235.3

@Library ('MyLib_API') _
pipeline{
    agent {
        label 'master'
    }
    stages{
        stage('BuildAll'){
            steps{
                script{
                    def executions = APPSERVERS.split(',').collectEntries {APPS -> 
                        ["Execution ${APPS}": {
                            stage(APPS) {                                
                                        APP_USERNAME = "ubuntu"
                                        response = getPassword("${APPS}","${APP_USERNAME}")
                                        sh '#!/bin/sh -e \n' + "sshpass -p '${response}' ssh -o StrictHostKeyChecking=no ${APP_USERNAME}@${APPS} 'ls'"
                                        sleep 2
                                
                            }
                        }]
                    }
                    parallel executions
                }
            }
        }
    }
}

"getPassword" is the function in the library used to get the VM password dynamically. We get the "APPSERVERS" values from the Active Choices parameter option. This has the list of IPs of the servers.

Please help me to hide those library commands and responses from stage logs.

We have tried the options below.

  1. Used set +x, and it did not work for us.
  2. The password masking plugin will not work, since the response from the command will get printed in our case.
  3. We tried routing all the execution of commands to a file and fetching it from there. With this option too, logs are printed in the console while parsing the file.

CodePudding user response:

Try starting your script with set +x; if that does not work, use password masking plugins as mentioned here - https://issues.jenkins.io/browse/JENKINS-36007

CodePudding user response:

You can use input to pass the credential and mask it in log. Here is a detailed answer stackoverflow credentials masking
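
Added example, not part of the original question or answers: the question's stage rewritten so the password is never interpolated into the command text that Jenkins logs. It passes the secret through the SSHPASS environment variable, which "sshpass -e" reads. The names host, user, password and TARGET are chosen here for illustration, and getPassword is assumed not to echo its own result.

```groovy
@Library('MyLib_API') _
pipeline {
    agent { label 'master' }
    stages {
        stage('BuildAll') {
            steps {
                script {
                    def executions = APPSERVERS.split(',').collectEntries { host ->
                        ["Execution ${host}": {
                            stage(host) {
                                // 'def' keeps these local to this branch. Undeclared
                                // variables live in the shared script binding, so
                                // parallel branches can overwrite each other's values.
                                def user = 'ubuntu'
                                def password = getPassword(host, user) // library step from the question

                                // withEnv hands the values to the shell process without
                                // writing them into the script text.
                                withEnv(["SSHPASS=${password}", "TARGET=${user}@${host}"]) {
                                    // Single-quoted Groovy string: no Groovy interpolation,
                                    // the shell expands $TARGET at run time and sshpass -e
                                    // reads SSHPASS itself. The shebang replaces Jenkins'
                                    // default 'sh -xe'; 'set +x' keeps tracing off explicitly.
                                    sh '''#!/bin/sh -e
set +x
sshpass -e ssh -o StrictHostKeyChecking=no "$TARGET" 'ls'
'''
                                }
                            }
                        }]
                    }
                    parallel executions
                }
            }
        }
    }
}
```

With "sshpass -p" the password is also part of the process command line on the agent; "sshpass -e" keeps it out of the argument list as well as out of the console log.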
