I am trying to send a credential into the Run-ScriptBlockImpersonated command below. I am new to Jenkins (Version 2.492.2 on Windows) and cannot seem to get the password in as a variable. Any glaring errors here?
I’ve tried some other variations. From everything I see, my environment/shell variable (at the process level) is being set to “*** Not Valid For Display ***”, so no matter how I access it from with the script, the actual value isn’t available.
hmm I tried it on windows with powershell step instead of pwsh and that works just fine. The String *** Not Valid For Display *** is not coming from Jenkins or any of the plugins I think , so don’t know what the problem might be.
Is that credential one that is coming via thycotic or is it a plain username/password credential in Jenkins
Don’t know, I found the String *** Not Valid For Display *** in the context of thycotic, so my assumption is that you’re not allowed to use that password from thycotic in this way.
You could check if the problem is the same when you use a freestyle project and try to use that secret there.
And then create a normal credential in Jenkins and check if this works.
Yes, this is definitely related to the Thycotic plugin. Thank you for that tip. Where had you seen this mentioned before? I’ve opened https://issues.jenkins.io/browse/JENKINS-75422 but will close it if this is open elsewhere.
Normal/Jenkins-stored username+password:
Password’s first few characters revealed if I print the variables:
btw I guess it’s not directly the plugin that sets this value but when the plugin communicates with the thycotic secret server, it gets this as the value for the password.
@mawinter69 , you are correct. I ultimately learned that Secret Server was masking the password because I had this combination of settings applied to the secret:
a “launcher” was configured on the secret template
the secret policy was set to “Hide launcher password"
Once I removed the launcher from the secret, Secret Server coughed up the password.