buildInfoxxxx.properties on /tmp directory on Jenkins server exposing the credentials
32 views
Skip to first unread message
Makarand Jadhav
Feb 7, 2017, 7:58:24 AM2/7/17
to Jenkins Users
Hi,
We have been using gradle build tool(Gradle Plugin) for compiling the source code and then using the Artifactory plugin(Gradle-Artifactory Integration) for publishing the artifacts to the Artifactory server from the Jenkins server.
Our server administrator reported that there are lot of buildInfoxxxx.properties on /tmp directory(where xxxx is any arbitrary number generated by build) on Jenkins server and its been observed that contents of buildInfoxxxx.properties are exposing the credentials of some of the resources accessed during the build & deploy process(e.g.: credentials of Artifactory, DB, Shared drives etc.). The excerpt of contents of buildInfoxxxx.properties(many lines deleted & masked) is as below:
------------------------------------------------------------------------------
artifactory.publish.contextUrl=xxxx
artifactory.publish.ivy.m2compatible=xxxx
buildInfo.env.JenkinsScripts=xxxx
buildInfo.env.APP_DB_USER=xxxx
artifactory.publish.record.all.dependencies=xxxx
buildInfo.env.JOB_NAME=xxxx
artifactory.resolve.password=XXXXX
artifactory.publish.ivy.m2compatible=xxxx
buildInfo.env.JenkinsScripts=xxxx
buildInfo.env.APP_DB_USER=xxxx
artifactory.publish.record.all.dependencies=xxxx
buildInfo.env.JOB_NAME=xxxx
artifactory.resolve.password=XXXXX
---------------------------------------------------------------------------------
Since this is an delivery pipeline configured, we use "Environment Injector" & the "Mask Passwords" plugin which masks the password in the Jenkins UI console logs but not sure why the credentials are exposed and readable in the buildInfoxxxx.properties file.
So I have two questions:
- Is there any way that we can mask the information for credentials in the buildInfoxxxx.properties file?
- Can the build automatically cleanup the buildInfoxxxx.properties after the build completes as there are lots of files being leftover in the /tmp directory filling up the disk space and are cleaned up through an automated script?
Any suggestions/comments are greatly appreciated. Thanks!
Makarand Jadhav
Feb 13, 2017, 12:12:11 PM2/13/17
to Jenkins Users
Still not able to figure out a way if we can mask the credentials in the buildInfoxxxx.properties from the Jenkins Job.
Can anyone have this issue or provide any inputs?
Reply all
Reply to author
Forward
0 new messages