(This is discussing a class of potential security issues -- if you want to
mention how it's a problem in a specific plugin, please report to our secure
tracker instead. Thanks!)
I've just posted another security advisory:
This advisory is about a plugin that stored secrets on disk in plain text rather
than as Secret. The same issue in a different plugin was already fixed yesterday.
This email is intended as a reminder: Please make sure to store secrets in your
1. As Secret: http://javadoc.jenkins.io/hudson/util/Secret.html
2. Integrating with Credentials Plugin:
Either works and achieves the following goals:
1. Other users with local file system access to JENKINS_HOME (questionable, but
probably common) can't access the secrets/ directory, and therefore cannot decrypt
2. Backups that exclude the secrets/ directory don't compromise secrets even if
the backups are made accessible to unauthorized people. This also applies to
job config history plugin, SCM sync configuration plugin, and similar.
3. No secrets get round-tripped in plain text and show up in the DOM etc.,
exposing them, for example, to evil browser plugins.
Going from String to Secret first (to quickly fix the exposure), integrating
with credentials later (usually better, but more work), is also a viable
approach. There's no reason to not at least go with the former.
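As an added illustration (not code from the advisory or from any real plugin), the following hypothetical build step shows the quick fix the advisory recommends: the plain `String` field that gets written verbatim into the job's config.xml is replaced by a `hudson.util.Secret` field, and a `readResolve()` hook migrates configurations saved by the old version. The class name, package, and the "API token" field are assumptions; the `Secret`, `Builder`, and `@DataBoundConstructor` APIs are the standard Jenkins ones.

```java
// Added example, not part of the advisory: a hypothetical Jenkins build step
// migrated from a plain-text String secret to hudson.util.Secret.
package org.example.hypothetical; // hypothetical package

import hudson.Extension;
import hudson.Launcher;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.Secret;
import org.kohsuke.stapler.DataBoundConstructor;

public class ApiTokenBuilder extends Builder {

    /**
     * BEFORE (the class of bug the advisory describes): a plain String field.
     * XStream serialises it verbatim into the job's config.xml, so anyone who can
     * read JENKINS_HOME, or a backup of it, can read the token. It is kept only as
     * a deprecated transient field so that old config.xml files still load; the
     * value is moved into the Secret field in readResolve() below.
     */
    @Deprecated
    private transient String apiToken;

    /**
     * AFTER: the same value held as a Secret. XStream persists the encrypted form
     * (Secret.getEncryptedValue()), which is useless without secrets/master.key
     * from JENKINS_HOME, so backups that exclude secrets/ reveal nothing.
     */
    private Secret apiTokenSecret;

    @DataBoundConstructor
    public ApiTokenBuilder(Secret apiTokenSecret) {
        // Stapler binds the form field straight to a Secret; if the browser posted
        // back the encrypted value, Secret.fromString() recognises and decrypts it.
        this.apiTokenSecret = apiTokenSecret;
    }

    /**
     * Called by XStream after unmarshalling. Migrates legacy plain-text configs in
     * memory; the file on disk is rewritten encrypted the next time the job is saved.
     */
    protected Object readResolve() {
        if (apiToken != null) {
            apiTokenSecret = Secret.fromString(apiToken);
            apiToken = null;
        }
        return this;
    }

    /**
     * Getter used by the Jelly config form (<f:password field="apiTokenSecret"/>).
     * Returning the Secret itself means the HTML carries only the encrypted value
     * (Secret.toString() == getEncryptedValue()), so no plain text reaches the DOM.
     */
    public Secret getApiTokenSecret() {
        return apiTokenSecret;
    }

    @Override
    public boolean perform(AbstractBuild<?, ?> build, Launcher launcher,
                           BuildListener listener) {
        // Decrypt only at the point of use and never log the result.
        // Secret.toString(Secret) returns "" for a null Secret.
        String token = Secret.toString(apiTokenSecret);
        if (token.isEmpty()) {
            listener.error("No API token configured for this step");
            return false;
        }
        listener.getLogger().println("Calling the example API with a configured token");
        // ... use `token` for the outbound call here (hypothetical) ...
        return true;
    }

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Call example API (hypothetical step)";
        }
    }
}
```

The second option the advisory lists, integrating with the Credentials Plugin, changes the shape of the field rather than its type: the plugin then persists only a `credentialsId` string and resolves the actual credential through the credentials API at the point of use, so the secret is never owned by the plugin's own config.xml at all.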
If you maintain a plugin and it currently stores secrets in plain text, and you
need help fixing it, file an issue in the SECURITY project in Jira, and we (the
security team) will try to help.
You received this message because you are subscribed to the Google Groups
"Jenkins Developers" group.