[JIRA] (JENKINS-61808) Always encrypt f:password values, not just those backed by Secret

5 views
Skip to first unread message

dbeck@cloudbees.com (JIRA)

unread,
Apr 3, 2020, 8:45:03 PM4/3/20
to jenkinsc...@googlegroups.com
Daniel Beck created an issue
 
Jenkins / Improvement JENKINS-61808
Always encrypt f:password values, not just those backed by Secret
Issue Type: Improvement Improvement
Assignee: Daniel Beck
Components: core
Created: 2020-04-04 00:44
Priority: Minor Minor
Reporter: Daniel Beck

Too many people get the Secret getters wrong. What if we just always returned a Secret, and had a StringConverter to handle submitted secrets and transparently decrypt again?

This would eliminate this class of problem. Only storage would really need to be done as Secret, but the internal API types wouldn't matter so much.

Test cases need to include String typed encrypted secrets, and unmatched getter/setter types.
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)
Atlassian logo

dbeck@cloudbees.com (JIRA)

unread,
Apr 3, 2020, 9:21:02 PM4/3/20
to jenkinsc...@googlegroups.com
Daniel Beck started work on Improvement JENKINS-61808
 
Change By: Daniel Beck
Status: Open In Progress

jglick@cloudbees.com (JIRA)

unread,
Apr 7, 2020, 12:15:04 PM4/7/20
to jenkinsc...@googlegroups.com
Change By: Jesse Glick
Status: In Progress Review
Reply all
Reply to author
Forward
0 new messages