[JIRA] (JENKINS-12423) Password masked by Mask Passwords are visible when using envinject plugin

Fri, 11 May 2012 08:18:27 -0700 

    [ 
https://issues.jenkins-ci.org/browse/JENKINS-12423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=162686#comment-162686
 ] 

Natalia Naumova edited comment on JENKINS-12423 at 5/11/12 3:17 PM:
--------------------------------------------------------------------

Gregory- thanks for the explanation, but it doesn't work for me. 
I tried to use 'Build Environment > Inject passwords to the build as 
environment variables' configuration, but the passwords are still displayed in 
plain text on the "Injected Environment Variables" page.
How can I hide them there? It's really a very important thing for us..

P.S.: they are masked on console page though. 
P.P.S.: noticed that they are visible only when job is running. When the job is 
finished - that the password variable is displayed like a hash. Is it secure?
                
      was (Author: nnau):
    Gregory- thanks for the explanation, but it doesn't work for me. 
I tried to use 'Build Environment > Inject passwords to the build as 
environment variables' configuration, but the passwords are still displayed in 
plain text on the "Injected Environment Variables" page.
How can I hide them there? It's really a very important thing for us..

P.S.: they are masked on console page though. 
                  
> Password masked by Mask Passwords are visible when using envinject plugin
> -------------------------------------------------------------------------
>
>                 Key: JENKINS-12423
>                 URL: https://issues.jenkins-ci.org/browse/JENKINS-12423
>             Project: Jenkins
>          Issue Type: Bug
>          Components: envinject, mask-passwords, perforce
>         Environment: envinject        1.9
> mask-passwords        2.7.2
> Jenkins ver. 1.424.1
> Windows
> Perforce plugin 1.3.7
>            Reporter: Roger Myung
>            Assignee: Gregory Boissinot
>
> If I use the mask-passwords plugin to create a masked password, and also use 
> the envinject plugin to setup an environment, the masked password is visible 
> from the "Injected Environment Variables" link for each build.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to