bash 如何从 jenkins shell 输出中隐藏密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/23606922/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to hide password from jenkins shell output
提问by Steelflax
I have two scripts first on file system,second into jenkins job. Second script calling the first and passed parameters into it. Parameters contains password parameter. How can I hide password into logs? I have tried to hide output by using exec command but problem wasn't solved.
我首先在文件系统上有两个脚本,第二个是 jenkins 工作。第二个脚本调用第一个并将参数传递给它。参数包含密码参数。如何将密码隐藏到日志中?我试图通过使用 exec 命令隐藏输出,但问题没有解决。
回答by l0b0
The Mask Passwords plugindoes just that.
该面具密码插件做到了这一点。
回答by RohitLucky
Please find below my findings with solution [without using Mask Passwords plugin]:
请在我的发现下面找到解决方案[不使用掩码密码插件]:
Brief Description about my jenkins job:I wrote a job which downloads the artifacts from Nexus based on the parameters given at run-time and then makes a Database SQL connection and deploy the SQL scripts using maven flyway plugin. My job takes - Environment, Database Schema, Artifact version number, Flyway command, Database User and it's password as input parameters.
关于我的 jenkins 工作的简要描述:我写了一个工作,它根据运行时给出的参数从 Nexus 下载工件,然后建立数据库 SQL 连接并使用 maven flyway 插件部署 SQL 脚本。我的工作需要 - 环境、数据库架构、工件版本号、Flyway 命令、数据库用户及其密码作为输入参数。
Brief Background about problem:While passing the PASSWORD as MAVEN GOAL (Parameter), it was coming in Jenkins Console as a plain text. Although I was using "Password Parameter" to pass the password at run-time but then also it was coming as plain text in console.
关于问题的简要背景:在将 PASSWORD 作为 MAVEN GOAL(参数)传递时,它以纯文本形式出现在 Jenkins 控制台中。虽然我在运行时使用“密码参数”来传递密码,但它也以纯文本形式出现在控制台中。
I tried to use the "secret text" to encrypt the password but then my job started failing because the encrypted password was getting passed to Maven Goals, which was not able to connect to DB.
我试图使用“秘密文本”来加密密码,但后来我的工作开始失败,因为加密的密码被传递给了无法连接到数据库的 Maven 目标。
Solution:
解决方案:
I used "Inject passwords to the build as environment variables"from Build Environment and defined its value as my "password parameter" (my password parameter name was db_password) which I am passing as parameter at run-time (eg.: I defined my inject password value as : ${db_password} ).
我使用了 Build Environment 中的“将密码作为环境变量注入构建”,并将其值定义为我的“密码参数”(我的密码参数名称是 db_password),我在运行时将其作为参数传递(例如:我定义了我的将密码值注入为:${db_password})。
And this is working as expected. The password which I am passing while running my job is coming as [*******]
这是按预期工作的。我在运行我的工作时传递的密码是 [*******]
[console log: Executing Maven: -B -f /work/jenkins_data/workspace/S2/database-deployment-via-flyway-EDOS/pom.xml clean compile -Ddb=UAT_cms_core -DdatabaseSchema=cms-core -Dmode=info -DdeploymentVersion=1.2.9 -Ddb_user=DB_USER -Ddb_password=[*******] ]
[控制台日志:执行Maven:-B -f /work/jenkins_data/workspace/S2/database-deployment-via-flyway-EDOS/pom.xml clean compile -Ddb=UAT_cms_core -DdatabaseSchema=cms-core -Dmode=info - DdeploymentVersion=1.2.9 -Ddb_user=DB_USER -Ddb_password=[*******] ]
