Pages

Wednesday, March 6, 2019

Jenkins - Decrypt Credentials

Most of the communication with external tools from Jenkins are done by configuring a credentials to access the tool. We first configure the credentials with the tool username and password or a ssh key. We then use that credential ID which helps in connecting to the tool.

Sometimes there may be cases where we forget about the credentials that we configured either it can be user name or password or other. Jenkins provides us a way to encrypt and decrypt credentials using Grrovy code.

The credentials that we configure are saved in the credentials.xml file in the Jenkins home directory ( /var/jenkins/ ). If we take a look at the credentials.xml file we can see that each of the credentials that we define are available here. The elements starts from

         GLOBAL
         root-password
         root-password
         root
         {AQAAABAAAAAQWG7+E2gb06CKPCHsgTNNeC7xIZ4EIkRCFNZOEKAyDZs=}
       

Now the text between the elements is the password that we configured but encrypted. We can copy this go to the “Manage Jenkins -> Script Console”

And enter the code as - println(hudson.util.Secret.fromString("{AQAAABAAAAAQWG7+E2gb06CKPCHsgTNNeC7xIZ4EIkRCFNZOEKAyDZs=}").getPlainText())

This will print the result at the bottom with the plain text password. The syntax look as, println(hudson.util.Secret.fromString("").getPlainText())

If we want to encrypt the value we can use the same code as,
println(hudson.util.Secret.fromString("some_text").getEncryptedValue())

Hope this helps.

No comments :

Post a Comment