我正在使用 Credentials 和 CredentialBinding 来屏蔽传递给“bat”的凭据,以便在“net use”中使用,通过 groovy 脚本连接到共享。不幸的是,密码暴露在控制台日志中:
withCredentials([
usernamePassword(
credentialsId: credentialsId,
passwordVariable: 'PASSWORD',
usernameVariable: 'USER'
)
]) {
def user = this.env['USER'];
def password = this.env['PASSWORD'];
bat "net use \\\\$server $PASSWORD /user:$user /persistent:yes"
bat "net use"
}
我也尝试在单引号中使用 %PASSWORD% ,但字符串没有在“net use”中插入。 如果有什么问题请告诉我。
你能分享一下你得到的日志吗(显然密码被删除了) 因为如果您有相当新的版本,即使传递到其他进程,
withCredentials
也应该自动屏蔽
例如
steps {
withCredentials([
usernamePassword(
credentialsId: "MY_CREDENTIALS",
passwordVariable: 'PASSWORD',
usernameVariable: 'USER'
)
]) {
sh "echo $PASSWORD"
echo USER
}
}
仍会隐藏密码
[Pipeline] withCredentials
Masking supported pattern matches of $USER or $PASSWORD
[Pipeline] {
[Pipeline] sh
Warning: A secret was passed to "sh" using Groovy String interpolation, which is insecure.
Affected argument(s) used the following variable(s): [PASSWORD]
See https://jenkins.io/redirect/groovy-string-interpolation for details.
+ echo ****
****
[Pipeline] echo
****
[Pipeline] }
[Pipeline] // withCredentials
当您可以直接使用 $PASSWORD 和 $USER 时,这些行是做什么用的
def user = this.env['USER'];
def password = this.env['PASSWORD'];