Censor Jenkins Console Output

Hi all,

I had a question regarding Pipeline script in Jenkins. Currently, I am using the wildfly maven plugin to deploy JSF apps to a Wildfly server using the command line. In Jenkins I’m doing this with a bat command. Unfortunately, whenever a build fails, the offending bat command gets sent to the console output, which in this case contains the password used by the wildfly server, but some of our servers have passwords which our developers are not supposed to know.

Is it possible to strip parts of the Console Output off so that the password does not appear when using a bat command?

Thanks!

Yes, there are plugins that mask passwords when they appear in console logs.

However, you may want to consider alternate techniques that avoid placing the password into the console log at all. The credentials binding plugin will allow you to write the credentials to a file and then reference that file from the command line.

Even with the credentials binding plugin, there are risks that a malicious actor may extract the password if they have control of the build script. See the “Limitations of Credentials Masking” blog post.
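
The file-based approach described in the answer above, as an added example that is not part of the original thread: a Jenkinsfile that binds a "Secret file" credential and hands its path to Maven, so the password never appears in the `bat` command line. The credential ID `wildfly-deploy-settings`, the server id `wildfly-target`, the agent label and the use of the plugin's `wildfly.id` property are assumptions to adapt to your setup.

```groovy
// Jenkinsfile (declarative pipeline). Added example; all names are assumed.
//
// Prerequisite: a "Secret file" credential with ID 'wildfly-deploy-settings'
// whose content is a Maven settings.xml containing, for example:
//
//   <settings>
//     <servers>
//       <server>
//         <id>wildfly-target</id>
//         <username>PLACEHOLDER_USER</username>
//         <password>PLACEHOLDER_PASSWORD</password>
//       </server>
//     </servers>
//   </settings>
pipeline {
    agent { label 'windows' }   // assumed label for a Windows agent

    stages {
        stage('Deploy') {
            steps {
                // The credentials binding plugin writes the secret file to a
                // temporary location on the agent, exposes its path in
                // MVN_SETTINGS, and deletes the file when the block exits.
                withCredentials([file(credentialsId: 'wildfly-deploy-settings',
                                      variable: 'MVN_SETTINGS')]) {
                    // Single-quoted Groovy string: Groovy does not interpolate
                    // anything, and cmd.exe expands %MVN_SETTINGS% at run time.
                    // The command echoed to the console on failure carries only
                    // a file path, not the password.
                    bat 'mvn -B -s "%MVN_SETTINGS%" wildfly:deploy -Dwildfly.id=wildfly-target'
                }
            }
        }
    }
}
```

Anyone who can edit the Jenkinsfile can still read the bound file from inside the `withCredentials` block, so restrict who may change pipeline definitions that use this credential.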