问题描述

在Jenkinsfile中定义了密码属性时:

When a password property is defined in a Jenkinsfile:

properties([
    parameters([
        password(name: 'KEY', description: 'Encryption key')
    ])
])

Jenkins每次执行管道时都会提示用户提供其值:

Jenkins prompts users to provide its value every time the pipeline is executed:

我希望屏蔽此参数，以便echo ${KEY}不打印用户传递的实际值.但是，此刻回显它会逐字打印所提供的值:

I want this parameter to be masked so that echo ${KEY} does not print the actual value passed by the user. However, at the moment echoing it prints the provided value verbatim:

properties([
    parameters([
        password(name: 'KEY', description: 'Encryption key')
    ])
])

node {
    stage('Stage 1') {
        # Will print the actual value of the KEY, verbatim
        sh "echo ${KEY}"
    }
}

此外，Mask Passwords插件似乎不适用于Jenkins管道，因此使用它不是一种选择.

Also it seems that the Mask Passwords plugin does not work with Jenkins pipelines, so using that is not an option.

是否可以在构建日志中屏蔽这些密码类型的参数?

Is there a way to mask these password-typed parameters in the build logs?

推荐答案

您将要使用屏蔽密码插件.这是来自我的共享管道库的Jenkinsfile示例.

You'll want to use the mask passwords plugin. Here's a Jenkinsfile example taken from my shared pipeline library.

properties([
    parameters([
        password(name: 'KEY', description: 'Encryption key')
    ])
])

node {
    stage('Stage 1') {
       // Will print the masked value of the KEY, replaced with ****
       wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[var: 'KEY', password: KEY]], varMaskRegexes: []]) {
            sh "echo ${KEY}"
        }
    }
}

除了关于withCredentials的现有建议以外，没有太多要添加的内容.但是，您要通过模板自动生成作业，并且要设置默认密码，那么您可能想利用hudson.util.Secret来保护模板.

Other than existing suggestions on withCredentials, there's not much to add. However, of you're automatically generating your jobs via templates and you're setting a default password, then you might want to make use of hudson.util.Secret to secure your templates.

这篇关于如何在Jenkins Pipeline项目中屏蔽密码字段?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！