Openssl decryption error

openssl enc -aes-256-cbc -salt -in "$input_file" -out "$output_file" -pass pass:"$encryption_key"

I used this command to encrypt a file in my local machine and then set the encrypted file as a secret file in jenkins.

Now in my jenkins freestyle project when i try to use the decryption command it refuses to work no matter what i try.

Hard coding the key also dosent do anything so key isnt the problem

openssl enc -d -aes-256-cbc -salt -in "$SECRET_FILE" -pass pass:"$DECRYPTION_KEY"

this just fails the shell script

when I try to encrypt and decrypt both within the build it still fails


# String to encrypt
plaintext="This is a secret message."

# Encryption passphrase (you can change this)

# Encrypt the string
encrypted_string=$(echo -n "$plaintext" | openssl enc -aes-256-cbc -a -salt -pass pass:"$passphrase")

# Display the encrypted string
echo "Encrypted String: $encrypted_string"

# Decrypt the string
decrypted_string=$(echo -n "$encrypted_string" | openssl enc -d -aes-256-cbc -a -salt -pass pass:"$passphrase")

# Display the decrypted string
echo "Decrypted String: $decrypted_string"

I cant figure out why is the openssl decryption failing. While encryption is working and even doing
cat $Secret_file
Prints the encrypted file but still fails to execute decrypt

Hello @ParthMishra0610 and welcome to this community. :wave:

When you’re using OpenSSL to encrypt and decrypt files in Jenkins, there are a few things you need to consider to ensure it works correctly:

  1. Use Environment Variables Carefully: Jenkins often runs jobs with different environments than your local shell. When you use environment variables like $SECRET_FILE and $DECRYPTION_KEY, make sure that these variables are set correctly within the Jenkins environment.
  2. Check File Paths: Ensure that $SECRET_FILE contains the correct file path to your secret file. You might want to use an absolute file path to avoid any relative path issues.
  3. Debugging: When debugging, add some echo statements in your Jenkins build script to print out the values of $SECRET_FILE and $DECRYPTION_KEY to verify that they are set correctly.
  4. Permissions: Ensure that the Jenkins user has permission to read the secret file. Sometimes, Jenkins may be running as a different user with restricted permissions.

Here’s an example build script that uses echo for debugging:


# Print the values of environment variables for debugging

# Decrypt the file
openssl enc -d -aes-256-cbc -salt -in "$SECRET_FILE" -out decrypted_file.txt -pass pass:"$DECRYPTION_KEY"

# Check the content of the decrypted file
cat decrypted_file.txt
  1. Redirect Errors : You might also want to redirect errors to the standard output so that you can see any error messages that OpenSSL produces. You can do this by appending 2>&1 to your OpenSSL command, like this:
openssl enc -d -aes-256-cbc -salt -in "$SECRET_FILE" -out decrypted_file.txt -pass pass:"$DECRYPTION_KEY" 2>&1

This should ensure that both standard output and standard error are captured and displayed in the Jenkins build console.