[JIRA] (JENKINS-18342) jnlpCredentials exposed on slave.jar command-line


smekkley-1@gmx.com (JIRA)

May 8, 2019, 5:48:01 PM
to jenkinsc...@googlegroups.com
smekkley smekkley commented on Improvement JENKINS-18342
 
Re: jnlpCredentials exposed on slave.jar command-line

Can we at least try to support environment variables for these parameters? It's ridiculous that you can see secrets from the process name.

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

jthompson@cloudbees.com (JIRA)

May 8, 2019, 6:30:02 PM
to jenkinsc...@googlegroups.com

The capability is already there, it's just not well documented.

It's built into the command-line processing library the Remoting agent library uses.

If a command-line argument begins with a '@' (ampersand), then the rest of that argument is interpreted as the path to a file. Each line in the file is inserted as a command-line argument.

Using the `-secret` parameter, you would create a file with a single line containing the secret key. Then reference it in the command-line something like this: "java  -jar agent.jar -jnlpUrl  -secret @</path/to/secret/file>".

You could also create a four line file something like this:

-jnlpUrl
http://somewhere/xx.jnlp
-secret
<SECRET>

and then invoke it like this: "java -jar agent.jar @</path/to/arguments/file>"

It would be nice to assemble some better documentation on this if someone gets a chance. I've got a note to do it if I can get the time.

jthompson@cloudbees.com (JIRA)

May 9, 2019, 12:40:02 PM
to jenkinsc...@googlegroups.com
Jeff Thompson edited a comment on Improvement JENKINS-18342
The capability is already there, it's just not well documented.

It's built into the command-line processing library the Remoting agent library uses.

If a command-line argument begins with a '@' (at symbol), then the rest of that argument is interpreted as the path to a file. Each line in the file is inserted as a command-line argument.


Using the `-secret` parameter, you would create a file with a single line containing the secret key. Then reference it in the command-line something like this: "java  -jar agent.jar -jnlpUrl  -secret @</path/to/secret/file>".

You could also create a four line file something like this:

{quote}

-jnlpUrl
[http://somewhere/xx.jnlp]
-secret
<SECRET>

{quote}

and then invoke it like this: "java -jar agent.jar @</path/to/arguments/file>"

It would be nice to assemble some better documentation on this if someone gets a chance. I've got a note to do it if I can get the time.

smekkley-1@gmx.com (JIRA)

May 9, 2019, 1:12:01 PM
to jenkinsc...@googlegroups.com

It works. Thank you. 

You actually see from the Jenkins UI that you have to run it in a full command line. It's probably better that the example command there gets replaced. People would just run it blindly following the example.
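
The argument-file approach described in the thread, as an added example that is not part of the original messages or Jenkins' own code: it writes the four-line file with owner-only permissions, reading the secret from stdin, and includes a check that flags an argv where `-secret` is followed by a literal value. The function names, the file name `agent.args` and the secret value are assumptions constructed for illustration.

```shell
# Added example; function names, paths and the secret value are constructed.

# Write the four-line argument file from the thread. The secret comes from
# stdin, so it is never in any process's argv; umask 077 makes the new file
# owner-only, and a pre-existing file with a looser mode is removed first.
write_agent_argfile() {   # usage: write_agent_argfile FILE JNLP_URL < secret
    (
        umask 077
        IFS= read -r secret || :          # tolerate a missing final newline
        [ -n "$secret" ] || exit 1        # refuse to write an empty secret
        rm -f -- "$1"
        printf '%s\n' -jnlpUrl "$2" -secret "$secret" > "$1"
    )
}

# Succeeds if FILE is a regular file with no group/other permission bits.
argfile_is_private() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Audit check over one process's argv: succeeds (0) when -secret is followed
# by a literal value instead of an @file reference.
cmdline_exposes_secret() {
    while [ "$#" -gt 1 ]; do
        if [ "$1" = "-secret" ]; then
            case "$2" in
                @*) ;;                    # value is read from a file
                *) return 0 ;;            # value is visible in process listings
            esac
        fi
        shift
    done
    return 1
}

# Demo with constructed values.
demo_dir=$(mktemp -d)
printf '%s\n' 'CONSTRUCTED-SECRET' |
    write_agent_argfile "$demo_dir/agent.args" 'http://somewhere/xx.jnlp'
argfile_is_private "$demo_dir/agent.args" && echo "argument file is owner-only"
cmdline_exposes_secret java -jar agent.jar "@$demo_dir/agent.args" ||
    echo "argv carries no secret"
cmdline_exposes_secret java -jar agent.jar -secret CONSTRUCTED-SECRET &&
    echo "argv exposes the secret"
rm -rf "$demo_dir"
```
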
