Dollar sign in credentials broken for declarative pipelines

[red 888]

This is my password: "ASD123$567"

This doesn't work

withCredentials([usernamePassword(credentialsId: 'creds',
    usernameVariable: 'myuser', passwordVariable: 'mypass')]) {
    sh "some command --username ${svnuser} --password ${mypass}"
}

What i see in the output is mypass is not obfuscated and most importantly it looks like its getting cut off after the "$" so its only showing ASD123

[Slide]

Can you file an issue in JIRA?

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/16bfd2b1-ad71-4326-ac3c-7693b9c71331%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Mark Waite]

Are you sure that's really a bug?

If the value of mypass is 'ASD123$567' and that is passed as an environment variable to the shell, won't the shell see the '$567' and attempt to expand an environment variable named '567'?  The expansion of $567 is probably the empty string.

If '$' and other special characters are embedded in the password, aren't surrounding quotes needed around the expanded result to assure it is not interpreted by the shell?

Mark Waite

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAPiUgVf9g8GN2BPSGdt9jSR1t%2Bj7%2BzoC%2B711cPQzOO1duu6WYQ%40mail.gmail.com.

[niristotle okram]

I just had this a couple of days back in a shell script. I had to place the password string (which have the $) within a quote. 

But can we put the quotes in the password field of the jenkins credentials page, wont it not treat the quote as a part of the password string? I haven’t tested it though. 

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtGpVxCy1LzOh2KATKNktvnWCYUDEzRnXeQyjN3VAW0iDA%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

Sent from mobile device, excuse typos if any.

[red 888]

You are 100% correct, i was confused about what was actually happening here ( so may layers of parsing!).

So thanks to this SO answer I can see there are two ways to handle this:

environment{
    CRED = credentials('mycreds')
}
steps {
    sh "some command blahb blah blah" +
        //This works, because i guess bash is smart enough to escape $ in environment variables?
        '--username ${CRED_USR} --password  ${CRED_PSW}'

    // ====== OR ======

    sh "some command blahb blah blah" +
        //Passing in the var directly, like you said, requires I tell bash this is a literal string
        "--username '${CRED_USR}' --password  '${CRED_PSW}'"

Also, just an aside, I saw nowhere in the docs that usernamePassword binding was supported in environment{} or how it worked. That should be in the docs somewhere if it isn't.