Key-Value Pairs in Jenkins Freestyle Job Configurations Are Being Masked (Dotted) – Unable to View or Copy

Jenkins setup:

Jenkins: 2.479.1
OS: Linux - 5.15.0-126-generic
Java: 17.0.13 - Ubuntu (OpenJDK 64-Bit Server VM)

ace-editor:1.1
ansible:403.v8d0ca_dcb_b_502
ant:511.v0a_a_1a_334f41b_
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
asm-api:9.7.1-97.v4cc844130d97
authentication-tokens:1.119.v50285141b_7e1
badge:2.5
blackduck-hub:2.1.1
bootstrap5-api:5.3.3-1
bouncycastle-api:2.30.1.78.1-248.ve27176eb_46cb_
branch-api:2.1200.v4b_a_3da_2eb_db_4
build-timeout:1.33
build-timestamp:1.0.4
build-user-vars-plugin:182.v378b_9f14b_487
caffeine-api:3.1.8-133.v17b_1ff2e0599
checks-api:2.2.1
cloudbees-folder:6.959.v4ed5cc9e2dd4
command-launcher:116.vd85919c54a_d6
commons-lang3-api:3.17.0-84.vb_b_938040b_078
commons-text-api:1.12.0-129.v99a_50df237f7
conditional-buildstep:1.4.3
config-file-provider:980.v88956a_a_5d6a_d
credentials:1389.vd7a_b_f5fa_50a_2
credentials-binding:687.v619cb_15e923f
display-url-api:2.209.v582ed814ff2f
docker-commons:445.v6b_646c962a_94
docker-workflow:580.vc0c340686b_54
durable-task:577.v2a_8a_4b_7c0247
dynamicparameter:0.2.0
echarts-api:5.5.1-4
eddsa-api:0.3.0-4.v84c6f0f4969e
email-ext:1855.vd9e491cb_de1e
emoji-symbols-api:13.v723a_b_8e234d1
external-monitor-job:215.v2e88e894db_f8
flexible-publish:0.16.1
font-awesome-api:6.6.0-2
git:5.6.0
git-client:6.1.0
git-server:126.v0d945d8d2b_39
github:1.40.0
github-api:1.321-478.vc9ce627ce001
github-branch-source:1807.v50351eb_7dd13
github-organization-folder:1.6
gradle:2.13.1
groovy:457.v99900cb_85593
groovy-postbuild:267.va_df06de9fa_fa_
gson-api:2.11.0-85.v1f4e87273c33
handlebars:3.0.8
hipchat:2.2.1
htmlpublisher:1.37
icon-shim:3.0.0
instance-identity:201.vd2a_b_5a_468a_a_6
ionicons-api:74.v93d5eb_813d5f
jackson2-api:2.17.0-379.v02de8ec9f64c
jakarta-activation-api:2.1.3-1
jakarta-mail-api:2.1.3-1
javadoc:280.v050b_5c849f69
javax-activation-api:1.2.0-7
javax-mail-api:1.6.2-10
jaxb:2.3.9-1
jdk-tool:80.v8a_dee33ed6f0
jjwt-api:0.11.5-112.ve82dfb_224b_a_d
joda-time-api:2.13.0-93.v9934da_29b_a_e9
jquery:1.12.4-3
jquery-detached:1.2.1
jquery3-api:3.7.1-2
jsch:0.2.16-86.v42e010d9484b_
json-api:20240303-101.v7a_8666713110
json-path-api:2.9.0-118.v7f23ed82a_8b_8
junit:1309.v0078b_fecd6ed
ldap:770.vb_455e934581a_
mailer:489.vd4b_25144138f
mapdb-api:1.0.9-40.v58107308b_7a_7
matrix-auth:3.2.3
matrix-project:840.v812f627cb_578
maven-plugin:3.24
mina-sshd-api-common:2.14.0-133.vcc091215a_358
mina-sshd-api-core:2.14.0-133.vcc091215a_358
momentjs:1.1.1
nodejs:1.6.2
nodelabelparameter:1.13.0
okhttp-api:4.11.0-181.v1de5b_83857df
pam-auth:1.11
parameterized-trigger:806.vf6fff3e28c3e
pipeline-build-step:540.vb_e8849e1a_b_d8
pipeline-github-lib:61.v629f2cc41d83
pipeline-graph-analysis:216.vfd8b_ece330ca_
pipeline-groovy-lib:744.v5b_556ee7c253
pipeline-input-step:495.ve9c153f6067b_
pipeline-milestone-step:119.vdfdc43fc3b_9a_
pipeline-model-api:2.2218.v56d0cda_37c72
pipeline-model-definition:2.2218.v56d0cda_37c72
pipeline-model-extensions:2.2218.v56d0cda_37c72
pipeline-rest-api:2.34
pipeline-stage-step:312.v8cd10304c27a_
pipeline-stage-tags-metadata:2.2218.v56d0cda_37c72
pipeline-stage-view:2.34
plain-credentials:183.va_de8f1dd5a_2b_
plugin-util-api:5.1.0
popper2-api:2.11.6-5
promoted-builds:965.vcda_c6a_e0998f
quality-gates:2.5
resource-disposer:0.25
robot:5.0.0
role-strategy:743.v142ea_b_d5f1d3
run-condition:1.7
scm-api:698.v8e3b_c788f0a_6
script-security:1369.v9b_98a_4e95b_2d
scriptler:376.v152edd95b_ca_f
simple-theme-plugin:196.v96d9592f4efa_
snakeyaml-api:2.3-123.v13484c65210a_
sonar:2.17.3
ssh-credentials:343.v884f71d78167
ssh-slaves:2.973.v0fa_8c0dea_f9f
sshd:3.330.vc866a_8389b_58
structs:338.v848422169819
timestamper:1.28
token-macro:400.v35420b_922dcb_
trilead-api:2.147.vb_73cc728a_32e
variant:60.v7290fc0eb_b_cd
windows-slaves:1.8.1
workflow-aggregator:600.vb_57cdd26fdd7
workflow-api:1336.vee415d95c521
workflow-basic-steps:1058.vcb_fc1e3a_21a_9
workflow-cps:3993.v3e20a_37282f8
workflow-cps-global-lib:612.v55f2f80781ef
workflow-durable-task-step:1378.v6a_3e903058a_3
workflow-job:1468.vcf4f5ee92395
workflow-multibranch:795.ve0cb_1f45ca_9a_
workflow-scm-step:427.v4ca_6512e7df1
workflow-step-api:678.v3ee58b_469476
workflow-support:932.vb_555de1b_a_b_94
ws-cleanup:0.48

I am using Jenkins to manage several Freestyle jobs. Previously, I was able to view and copy key-value pairs directly from the job configurations when using Jenkins v2.391. These values are not credentials but parameters used in build steps (e.g., API keys, configuration settings). After upgrading Jenkins, I noticed that these key-value pairs are now masked (shown as dots), even though they are not stored as sensitive data in the Jenkins Credentials Store.

This change is causing issues because:

  1. I can no longer see these values in the Jenkins UI when viewing the job configuration.
  2. I cannot copy these values for use in other job configurations or when troubleshooting.
  3. Problem Description:
  4. In the Freestyle job configuration, key-value pairs that are specified within the build steps are now masked (concealed as dotted values) after the Jenkins upgrade. This is happening even for non-sensitive values that are essential for job execution.

Specific Problems I’m Facing:

  1. Masked Key-Value Pairs in Build Steps: The values for environment variables and other key-value pairs in the build steps are concealed (displayed as dots) in the Jenkins UI.
  2. Unable to Copy: These masked values cannot be copied, making it difficult to reference or replicate them in new jobs.
  3. No Clear Way to Disable Masking: I cannot find an option in Jenkins settings or job configuration to stop masking these values.

What I Have Tried:

  1. I looked for settings under Manage Jenkins → Configure System → Global Security, but found no relevant options to disable masking for these specific values in job configurations.
  2. I explored plugins (such as the Mask Passwords Plugin and Credentials Binding Plugin) to see if they were responsible for this behavior, but I couldn’t find an option to stop masking non-sensitive values in build steps.
  3. I tried to check the job’s config.xml file for potential manual changes, but I was unable to identify fields or flags related to masking for these key-value pairs.

Environment Details:

  • Previous Jenkins Version: 2.391
  • Current Jenkins Version: 2.479.1
  • Type of Job: Freestyle job
  • Affected Build Steps: Invoke Ansible Playbook step , where non-sensitive environment variables are used in the additional space when adding extra variables as key-value pairs.

Desired Outcome:

I need to be able to:

  • View Key-Value Pairs in Build Steps: Display key-value pairs (e.g., API keys, environment variables) in the job configurations without masking, as these are not sensitive values.
  • Keep Security Intact for Real Credentials: Keep passwords and sensitive credentials masked as needed but allow non-sensitive values to be shown normally.

Questions:

  1. How can I disable masking for non-sensitive key-value pairs in build steps within a Freestyle job?
  2. Is there any plugin setting or global Jenkins configuration that might be masking these values? How can I modify it?
  3. Are there any alternative approaches to manage non-sensitive key-value pairs in Jenkins that would allow me to view and copy them easily without masking?

Additional Information:

If there is a way to explicitly flag certain values as non-sensitive in the Jenkins UI or via a configuration file (e.g., config.xml), please provide details.

I would also appreciate guidance on whether this behavior is a known change in recent Jenkins versions and if there are best practices for handling such cases.

Thank you everyone for helping on this!