Is it possible to provide a secret to a job that won't be stored on disk by Jenkins
96 views
Skip to first unread message
Mathieu Garstecki
May 10, 2016, 10:38:27 AM5/10/16
to Jenkins Users
Hi,
I have a parameterized job that takes a secret as parameter (specifically an Ansible vault password). This secret is so secret that I would like Jenkins to not persist it on disk.
My basic solution was to use a password parameters in a parameterized build, but they get stored (not in plaintext, but still) in build.xml in the job's history.
Binding a credential to the job does not fit the bill either, as the credential itself will be stored in credentials.xml.
Is there a way to pass a secret without seeing it persisted ? Some plugin maybe ?
This could be done with a "unpersisted password" parameter type, but I don't know if that's possible (or has been implemented by anyone).
I'm using Jenkins v1.642.3.
Regards,
Mathieu Garstecki
I have a parameterized job that takes a secret as parameter (specifically an Ansible vault password). This secret is so secret that I would like Jenkins to not persist it on disk.
My basic solution was to use a password parameters in a parameterized build, but they get stored (not in plaintext, but still) in build.xml in the job's history.
Binding a credential to the job does not fit the bill either, as the credential itself will be stored in credentials.xml.
Is there a way to pass a secret without seeing it persisted ? Some plugin maybe ?
This could be done with a "unpersisted password" parameter type, but I don't know if that's possible (or has been implemented by anyone).
I'm using Jenkins v1.642.3.
Regards,
Mathieu Garstecki
Stephen Connolly
May 10, 2016, 4:35:10 PM5/10/16
to jenkins...@googlegroups.com
The CredentialsProviders are plugable. If you wrote an in-memory credential provider that would probably fit your needs
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/023428d7-ebf7-4af5-ae98-eb87209f5d06%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages