Is there a way to set up HTTPS support in Jenkins without displaying the keystore password in the process list?
I’m running Jenkins installed via RPM on Rocky Linux 9. HTTPS support is configured in the unit file which includes: Environment="JENKINS_HTTPS_KEYSTORE_PASSWORD=mypassword"
As soon as I start Jenkins, --httpsKeyStorePassword=mypassword is displayed in the ps auxww list, which looks like an oversight :(.
You can start Jenkins with the --config option. You will need to put all Jenkins command line args into this file (Java properties format); afaik you can’t mix and have some directly and some in the config file.
Interestingly enough, Initial Settings talks about sensitive parameters, specifically about --httpsKeystorePassword, and recommends using --paramsFromStdIn, but Jenkins’ own systemd starter doesn’t follow that.
I have created an improvement ticket for that → JENKINS-72585. Please vote!
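To confirm whether a change such as the --config file actually keeps the password out of the process list, the check below reads /proc/PID/cmdline the same way ps does. It is an added example, not code from this thread or from the Jenkins project. The function names and the fixture paths are constructed, and the match is widened from --httpsKeyStorePassword to any option of the form --...Password=value.

```shell
#!/bin/sh
# Added example: report processes whose argv carries a password-style option.
# The proc root is a parameter (default /proc) so the check can also be run
# against a constructed fixture directory.

# Print "PID OPTION" for every argument shaped like --<name>Password=<value>.
# The value is never printed, so the report itself is safe to log.
find_exposed_secret_args() {
    proc_root=${1:-/proc}
    for cmdline in "$proc_root"/[0-9]*/cmdline; do
        [ -r "$cmdline" ] || continue   # process exited or glob did not match
        pid=${cmdline%/cmdline}
        pid=${pid##*/}
        # /proc/PID/cmdline separates arguments with NUL bytes.
        tr '\000' '\n' < "$cmdline" 2>/dev/null |
        while IFS= read -r arg || [ -n "$arg" ]; do
            case $arg in
                --*[Pp]assword=?*) printf '%s %s\n' "$pid" "${arg%%=*}" ;;
            esac
        done
    done
}

# Constructed fixture: PID 101 passes the password on the command line as in
# the question, PID 102 is started with --config only. Paths are placeholders.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/101" "$dir/102"
    printf 'java\000-jar\000/opt/example/jenkins.war\000--httpsPort=8443\000--httpsKeyStorePassword=mypassword\000' \
        > "$dir/101/cmdline"
    printf 'java\000-jar\000/opt/example/jenkins.war\000--config=/opt/example/jenkins.properties\000' \
        > "$dir/102/cmdline"
    printf '%s\n' "$dir"
}

fixture=$(make_fixture)
find_exposed_secret_args "$fixture"   # prints: 101 --httpsKeyStorePassword
rm -rf "$fixture"
```

On a live host, call find_exposed_secret_args with no argument after restarting the service; empty output means no such option is visible in any process's argument list.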