How to pass the password to the jenkins build - jenkins

I have a java class where it requires the password of an user which is stored in the local machine of the user, when i trigger the build in master Jenkins, build is failed due to the authentication where it searching for the user password which is not available in the machine.How can i make it generics to the Jenkins to get the build successful.

Set the Environment Variables instead of hard code.
Example:
For each machine, set this variable first
Your local
set PATH_TO_MY_PASSWORD="U:/authentication/pw.txt"
Jenkins
set PATH_TO_MY_PASSWORD="C:/my_jenkins/pw.txt"
Then change your code to:
private static final String PASSWORD_FILE_PATH = System.getenv("PATH_TO_MY_PASSWORD");

Related

How to inject dynamic secret parameters from Jenkins job execute shell script

I am working on jenkins, which has dropdownlist/select list load with set MQ broker details. Each broker have different passwords stored in AWS secrets manger. I have written shell script to fetch password AWS secrets manager, i can able to get the password in execute shell build step.
I tried using mask passwords plugin-> mask passwords and regex, i am using same variable(BR_PASSWORD) defined in mask password option, even in shell script also.
What i provided default value with variables defined in global or password parameter , for default value.
All these options masking defined in default password in console output. But values which are coming trough shell script dynamically is not masking in console out put.
please add an example of your code.
And use groove string 'command ' for mask passwords
sh '$password'

Accessing a Username with Password Credential Parameter from a Jenkins Execute Groovy build step using Groovy command?

Software levels:
Jenkins 2.121.2
Credentials Plugin 2.1.18
Credentials Binding Plugin 1.16
Plain Credentials Plugin 1.4
I am working with a Freestyle project (not a pipeline) and want to use a Groovy command build step for the job's main processing.
I am trying to obtain the userid and password from a user credential so the groovy script can use them for various CLI manipulations. I spent a lot of time searching for answers, but none of the ones I've found worked. Most were not clear, many were geared toward pipelines.
I would greatly appreciate a little guidance at this point.
Here are the gory details.
I created a new parameterized Freestyle project in which I added a Credentials Parameter for a "Username and password" credential. It defaults to one of the credentials that I defined to Jenkins via the Credentials Plugin. I'm not sure this is necessary if the binding selects the credential to use explicitly.
I checked "Use secret text(s) or file(s)" in the Build Environment section, although I'm not certain that is essential for a Username/password style binding.
I added a "Username and password (separated)" binding and set USERID and PASSWORD as the respective variables.
My groovy command window has this sole line:
println("${USERID} ${PASSWORD}")
When I build the job, I get this error:
The both ways will inject the credential into Environment Variable, thus you can access them from Environment Variable in Groovy Script as following for both ways.
def env = System.getenv()
println env['auth']
println env['USERNAME']
println env['PASSSWORD']
But the injected value of the both ways are different.
1) Adding a Credential job parameter for user to choose when run job
In this way, the credentialId is injected, so you not get the username and password.
credentialId example: 1dd4755a-9396-4819-9327-86f25650c7d7
2) Using Credential Bindings
In this way, the username and password are injected, I think this is what you wanted.
def env = System.getenv()
def username = env['USERNAME']
def password = env['PASSSWORD']
def cmd = "curl -u $username:$password ...."
Add a Jenkins Build Step supply by plugin Execute Groovy script
To summarize, the techniques identified by #yong's post will only work with System Groovy Script build steps. The latest plugin and Jenkins levels will obfuscate the credential parameters, so println cannot be used to verify their content by visual inspection.

VSTS secrets as environment variables

In the VSTS build, I set various variables (Edit build -> Variables tab), some I set as secret (click the lock), some I don't.
In the build, I run a command prompt task to run set -- e.g. show me all the environment variables. Those marked as secret aren't present.
How do I get VSTS secrets into environment variables?
Secret variables are:
Encrypted at rest with a 2048-bit RSA key.
Not returned back to the client. They are automatically masked out of
any log output from the build or release.
Not decrypted into environment variables. So scripts and programs run
by your build steps are not given access by default.
Decrypted for access by your build steps. So you can use them in
password arguments and also pass them explicitly into a script or a
program from your build step (for example as $(password)).
So, Secure variables need to be passed in to tasks as inputs. Check this case: How to add secret variable as task environment variable in VSTS

How to hide passwords on Jenkins console output?

I have a job to be triggered by developers where they have to put their AD's before triggering build. But thoes passwords are displayed on console output. I have tried mask passwords plugin. But the problem is I cannot store all developers AD's in job configuration.
Please suggest me any solution.
Please find below my findings with solution [without using Mask Passwords plugin]:
Brief Description about my jenkins job:
I wrote a job which downloads the artifacts from Nexus based on the parameters given at run-time and then makes a Database SQL connection and deploy the SQL scripts using maven flyway plugin. My job takes - Environment, Database Schema, Artifact version number, Flyway command, Database User and it's password as input parameters.
Brief Background about problem:
While passing the PASSWORD as MAVEN GOAL (Parameter), it was coming in Jenkins Console as a plain text.
Although I was using "Password Parameter" to pass the password at run-time but then also it was coming as plain text in console.
I tried to use the "secret text" to encrypt the password but then my job started failing because the encrypted password was getting passed to Maven Goals, which was not able to connect to DB.
Solution:
I used "Inject passwords to the build as environment variables" from Build Environment and defined its value as my "password parameter" (my password parameter name was db_password) which I am passing as parameter at run-time (eg.: I defined my inject password value as : ${db_password} ).
And this is working as expected. The password which I am passing while running my job is coming as [*******]
[console log:
Executing Maven: -B -f /work/jenkins_data/workspace/S2/database-deployment-via-flyway-EDOS/pom.xml clean compile -Ddb=UAT_cms_core -DdatabaseSchema=cms-core -Dmode=info -DdeploymentVersion=1.2.9 -Ddb_user=DB_USER -Ddb_password=[*******]
]
Regards,
Rohit Rajpoot
Here's an answer I just came across in the Jenkins documentation:
Normally you will start your script with
set +x
so that commands you run are not echoed to the log, in case you
mention the values of secrets in those commands.

Using parameterized credentials in Jenkins

Say I've got dev, qa, and stable server environments for some web app, with corresponding git branches. Each environment should be continuously integrated. Each of these environments has a separate username/password pair used to publish the app. I would like to make a Jenkins multiconfiguration (matrix) job to publish to all of these environments. The publishing almost certainly must be done with a shell script.
My failed attempt consisted of using the Jenkins Credentials and Credentials Binding plugins. Credentials Binding provides a way to inject credentials as environment variables using a parameter. However, setting this parameter dynamically (i.e., something like if ENV == dev: CREDS = CREDS_dev) doesn't appear to be possible. Build scripts happen afterwards, and even using the Environment Script plugin doesn't work.
Is there any way for this to happen?
Had similar situation and used groovy script with parameterized build (https://wiki.jenkins-ci.org/display/JENKINS/EnvInject+Plugin). In my case I had a choice parameter defined as "DEPLOY" and had different values, like "Test", "Release", then in the following groovy script (Evaluated Groovy script):
if ("Test".equals(DEPLOY)) {def map = [DEPLOY_URL: "http://someurl", DEPLOY_STORAGE: "testaccount"]; return map }
You should be able to specify your credentials in here or copy env variables. After that you can access these variables in windows batch command using:
echo %DEPLOY_URL%
echo %DEPLOY_STORAGE%
I also had another choice parameter defined "Deploy.Branch", with values of "dev" and "master". And used it as a parameter to Branches to Build, the value was set to (if you want to dynamically specify branch based on parameters):
*/${Deploy.Branch}
Hope this helps.
Here's what I ended up doing. It's kind of a workaround for what I would argue is a flawed design or missing use case in Jenkins.
Redid my creds so they have standard IDs (this is in the Advanced part and you can't set it after creation)
Matrix job runs a trivial script to figure out what env maps to what creds ID, then triggers...
The main job that does the deployment

Resources