Still not able to figure out a way if we can mask the credentials in the buildInfoxxxx.properties from the Jenkins Job. Can anyone have this issue or provide any inputs?
On Tuesday, February 7, 2017 at 12:58:24 PM UTC, Makarand Jadhav wrote: > Hi, > > We have been using gradle build tool(Gradle Plugin) for compiling the > source code and then using the Artifactory plugin(Gradle-Artifactory > Integration) for publishing the artifacts to the Artifactory server from > the Jenkins server. > Our server administrator reported that there are lot of > buildInfoxxxx.properties on /tmp directory(where xxxx is any arbitrary > number generated by build) on Jenkins server and its been observed that > contents of buildInfoxxxx.properties are exposing the credentials of some > of the resources accessed during the build & deploy process(e.g.: > credentials of Artifactory, DB, Shared drives etc.). The excerpt of > contents of buildInfoxxxx.properties(many lines deleted & masked) is as > below: > > ------------------------------------------------------------------------------ > artifactory.publish.contextUrl=xxxx > artifactory.publish.ivy.m2compatible=xxxx > buildInfo.env.JenkinsScripts=xxxx > buildInfo.env.APP_DB_USER=xxxx > artifactory.publish.record.all.dependencies=xxxx > buildInfo.env.JOB_NAME=xxxx > artifactory.resolve.password=XXXXX > > --------------------------------------------------------------------------------- > > Since this is an delivery pipeline configured, we use "Environment > Injector" & the "Mask Passwords" plugin which masks the password in the > Jenkins UI console logs but not sure why the credentials are exposed and > readable in the buildInfoxxxx.properties file. > > So I have two questions: > > 1. Is there any way that we can mask the information for credentials > in the buildInfoxxxx.properties file? > 2. Can the build automatically cleanup the buildInfoxxxx.properties > after the build completes as there are lots of files being leftover in the > /tmp directory filling up the disk space and are cleaned up through an > automated script? > > Any suggestions/comments are greatly appreciated. Thanks! > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/1ffe83b6-5b37-4170-b446-718b4d1554f1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
