jenkins mask密码在返回关键字的呼叫时公开秘密文本

发布于 2025-01-19 10:55:34 字数 1633 浏览 1 评论 0 原文

我使用 jenkins蒙版密码掩盖秘密文本并效果很好。但是，当试图使用返回从单独的方法调用此秘密文本时，它会公开文本。

  properties([
        parameters([
                 password(name: 'Passwd', description: 'Encryption key')
                ])  
    ])  

// function of mask text ---
    def getAppPassword(){
      wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[var: 'SECRET', password: Passwd]], varMaskRegexes: []]) {
                            echo  "${Passwd}" // here text get mask 
                            return "${Passwd}"   // 
                        }                
    }


// declarative pipeline --
pipeline {
    agent any
// setting up as environment varible to access it throught out the file.
       environment {
               ExecutorPassword = getAppPassword()
            }

    stages {
        stage('Hello') {
            steps {
                bat "--${ExecutorPassword} " 
                  if ("${ExecutorPassword}" == "12324") {echo "Equal!"}
                  else{ echo "Mark"  };  
            }
        }
    }
}

从过去的三天开始，我一直在这里。请帮忙。

在中getapppassword（）函数 echo“ $ {passwd}” 返回一个秘密文本，如 *** 。但是，当我调用 in pipeline spep bat中的时， bat” - $ {executorPassword}” 时。它将秘密文字暴露在控制台中。

尝试单引号，两者都引用。

使用double Quote “ ）露出秘密文本。使用
时
When used single quote ' it returns ${ExecutorPassword} varible as是。

原文

I used jenkins Mask Password to mask the secret text and works good. BUT when trying to call this secret text from seperate method using return then it exposes the text.

  properties([
        parameters([
                 password(name: 'Passwd', description: 'Encryption key')
                ])  
    ])  

// function of mask text ---
    def getAppPassword(){
      wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[var: 'SECRET', password: Passwd]], varMaskRegexes: []]) {
                            echo  "${Passwd}" // here text get mask 
                            return "${Passwd}"   // 
                        }                
    }


// declarative pipeline --
pipeline {
    agent any
// setting up as environment varible to access it throught out the file.
       environment {
               ExecutorPassword = getAppPassword()
            }

    stages {
        stage('Hello') {
            steps {
                bat "--${ExecutorPassword} " 
                  if ("${ExecutorPassword}" == "12324") {echo "Equal!"}
                  else{ echo "Mark"  };  
            }
        }
    }
}

From last three days I stuck here. Please help.

In getAppPassword() function echo "${Passwd}" returns a secret text as masked like ***.
But when I called the function getAppPassword() in pipeline under step bat "--${ExecutorPassword} ". it expose the secret text in console.

Tried with single quote and double quote both.

When used double quote " it expose the secret text. when used
When used single quote ' it returns ${ExecutorPassword} varible as it is.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

魂ガ小子 2025-01-26 10:55:34

您可以使用两种不同的方法，而不是在参数中传递密码。

使用 Jenkins 凭证库，因为它会自动使用 AES 加密来加密您的密码。

使用输入函数在运行构建之间获取密码并将存储密码的变量放在有限的范围内将有助于您的安全，您也可以对其进行屏蔽，然后销毁该变量或将其设置为空你的作品完成了。这是一个小例子。
` if(authType != 'W'){

 def 用户名 = 输入(
                  id: '用户名', message: 'SQL 用户名', 参数: [
                    [$class: 'hudson.model.TextParameterDefinition', defaultValue :'', name: '用户名', description: '请输入您的用户名']
                  ]）

 def 用户密码 = 输入（
                  id: 'userPassword', message: 'SQL 密码', 参数: [
                    [$class: 'hudson.model.PasswordParameterDefinition', defaultValue :'', name: 'Passwrd', description: '请输入您的密码']
                  ]）
                  包装（[$class：'MaskPasswordsBuildWrapper'，varPasswordPairs：[[密码：“$ {userPassword}”，var：'Passwrd']]]）{

                 //您在此处使用凭据的命令

  println(userPassword) //密码将显示为加密的，如*******}

  userPassword = '' // 您可以关闭 if 语句并将变量的范围限制到此处，或者如果您无法关闭范围，则可以清空变量。}
   `

Instead of passing the password in parameter you can use two different methods.

Use Jenkins credentials vault as it will automatically encrypt your password with AES encryption.

Use input function to get the password in between of running build and putting the variable which store the password in limited scope will help you secure and you can also do masking on it and then destroy the variable or make it null as soon as your works done. Here is a small example.
` if(authType != 'W'){

  def userName = input(
                  id: 'userName', message: 'SQL Username', parameters: [
                    [$class: 'hudson.model.TextParameterDefinition', defaultValue :'', name: 'Username',  description: 'Please enter your username']
                  ])

 def userPassword = input(
                  id: 'userPassword', message: 'SQL Password', parameters: [
                    [$class: 'hudson.model.PasswordParameterDefinition', defaultValue :'', name: 'Passwrd',  description: 'Please enter your password']
                  ])
                  wrap([$class: 'MaskPasswordsBuildWrapper',  varPasswordPairs: [[password: "${userPassword}", var: 'Passwrd']]]) {

                 //your command to use credentials here

  println(userPassword) //password will appear encrypted like *******}

  userPassword = '' // you can close if statement and limit scope of variable to here or you can just empty the variable if you can't close the scope.}
   `

回复收藏 0 原文

~没有更多了~