Will the encryption & decryption works, if I move the master.key file out of secrets folder or as a password protected file post initial setup?
Thanks,
Bala
Are you asking if Jenkins can still decrypt if the decryption key is no longer accessible? I can’t see how it would.
Are you asking if it loads it once into memory? I don’t know, it’s never occurred to me to look. But I would recommend using a different secret provider like vault or kubernetes secrets, the built in vault for credentials b plugin is pretty basic
Thanks @halkeye for your quick response.
As i understand that master.key is used to encrypt other key files within jenkins, If i do a custom encryption to the master.key file, will it still supports the envryption/decryption of secret variables?
Also, as master.key is the main file for encryption/decryption, if I protect the file with a password, will jenkins supports?
Thanks,
Bala
I seriously doubt it. If you encrypt the file how would Jenkins be able to read it? The code is all open source of you want to dig into it, or provide that feature, but at the moment I’m pretty sure it doesn’t and havnt heard of anyone encrypting that file.