(This is discussing a class of potential security issues -- if you want to 
mention how it's a problem in a specific plugin, please report to our secure 
tracker instead. Thanks!)

Hi everyone,

I've just posted another security advisory:

This advisory is about a plugin not storing secrets as such on disk. The same 
issue in a different plugin was already fixed yesterday.

This email is intended as a reminder: Please make sure to store secrets in your 
plugin either…

1. As Secret: http://javadoc.jenkins.io/hudson/util/Secret.html
2. Integrating with Credentials Plugin: 

Either works and achieves the following goals:

1. Other users with local file system access to JENKINS_HOME (questionable, but 
probably common) can't access the secrets/ directory, and therefore not decrypt 
2. Backups that exclude the secrets/ directory don't compromise secrets even if 
the backups are made accessible to unauthorized people. This also applies to 
job config history plugin, SCM sync configuration plugin, and similar.
3. No secrets get round-tripped in plain text and show up in the DOM etc. 
exposing them for example to evil browser plugins.

Going from String to Secret first (to quickly fix the exposure), integrating 
with credentials later (usually better, but more work), is also a viable 
approach. There's no reason to not at least go with the former.

If you maintain a plugin and it currently stores secrets in plain text, and you 
need help fixing it, file an issue in the SECURITY project in Jira, and we (the 
security team) will try to help.


You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to