is there a way to setup HTTPS support in Jenkins without displaying keystore password in the process list?
I’m running Jenkins installed via RPM on Rocky Linux 9. HTTPS support is configured in the unit file which includes: Environment="JENKINS_HTTPS_KEYSTORE_PASSWORD=mypassword"
As soon as I start Jenkins --httpsKeyStorePassword=mypassword is displayed in the ps auxww list which looks like an oversite :(.
You can start jenkins with the --config option. You will need to put all jenkins command line args into this file (java properties format), afaik you can’t mix and have some directly and some in the config file.
Interesting enough Initial Settings talks about sensitive parameters specifically about --httpsKeystorePassword and recommends to use --paramsFromStdIn but Jenkins’ own systemd starter doesn’t follow that.
I have created an improvement ticket for that → JENKINS-72585. Please vote!
Hello Markus Winter/all. I am running Jenkins 2.452.2 on RHEL-9.4 with openjdk version "21.0.3; trying to hide the keystore password; unfortunately I can’t start the service. Throwing error “Failed to start jenkins.service: Unit jenkins.service has a bad unit file setting.” No issues starting the service without --config=/path/to/startup.properties. What versions (jenkins/java) you are using? how does the startup file looks like? Thank you.
@OmShree if you want somebody to help you, you need to provide your full unit file. Most probably you made some kind of syntax error in a file. Also, keep in mind that I have provided only those unit file options which are related to the question. It’s not a full file.