Censor Jenkins Console Output

Hi all,

I had a question regarding Pipeline script in Jenkins. Currently, I am using the wildfly maven plugin to deploy JSF apps to a Wildfly server using the command line. In Jenkins I’m doing this with a bat command. Unfortunately, whenever a build fails, the offending bat command gets sent to the console output, which in this case contains the password used by the wildfly server, but some of our servers have passwords which our developers are not supposed to know.

Is it possible to strip parts of the Console Output off so that the password does not appear when using a bat command?


Yes, there are plugins that mask passwords when they appear in console logs.

However, you may want to consider alternate techniques that avoid placing the password into the console log at all. The credentials binding plugin will allow you to write the credentials to a file and then reference that file from the command line.

Even with the credentials binding plugin, there are risks that a malicious actor may extract the password if they have control of the build script. See the “Limitations of Credentials Masking” blog post