Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Extract passphrase from Jenkins' credentials.xml

Tags:

jenkins

I have added an SSH credential to Jenkins.

Unfortunately, I have forgotten the SSH passphrase and would now like to obtain it from Jenkins' credential archive, which is located at ${JENKINS_HOME}/credentials.xml.

That XML document seems to have credentials encrypted in XML tags <passphrase> or <password>.

How can I retrieve the plaintext passphrase?

like image 932
Abdull Avatar asked Jun 07 '16 15:06

Abdull

People also ask

How do I find my Jenkins credential password?

And in order to get the password value of ${ENCRYPTED_PASSPHRASE_OR_PASSWORD} : go to credentials, update, in the browser "See source code" and you will get the encrypted password in the data field for password. Then use that function.

How do I unmask a password in Jenkins?

Go to the jenkins workspace and look inside the file. The token will be present in plain text there. Further easy way will be to print the base64 encoded value of the credential and then decode it.

Where is credentials XML on Jenkins?

Although most credentials are stored in http://localhost:8080/credentials/ view, you can find additional secrets in: http://localhost:8080/configure - some plugins create password type fields in this view. http://localhost:8080/configureSecurity/ - look for stuff like AD credentials.

2 Answers

Open your Jenkins' installation's script console by visiting http(s)://${JENKINS_ADDRESS}/script.

There, execute the following Groovy script:

println( hudson.util.Secret.decrypt("${ENCRYPTED_PASSPHRASE_OR_PASSWORD}") )

where ${ENCRYPTED_PASSPHRASE_OR_PASSWORD} is the encrypted content of the <password> or <passphrase> XML element that you are looking for.

like image 190
Abdull Avatar answered Sep 28 '22 19:09

Abdull

First, you need to get the encrypted value which is conveniently placed in the value attribute of the password field of that credentials item you are interested in. Navigate to the credentials item in Jenkins UI you, click Inspect Element on the password field, and copy its value attribute (something like {AQAABAAAa6VBbyzg5AWMW2RnfaBaj46}

Then, go to JENKINS_URL/script and execute println( hudson.util.Secret.decrypt("{AQAABAAAa6VBbyzg5AWMW2RnfaBaj46}") ); decrypted password appears under the input field

like image 23
Leo Toff Avatar answered Sep 28 '22 19:09

Leo Toff
Sign in to Comment

Related questions

Finding IP of a Jenkins node
How to use multiple credentials in withCredentials in Jenkins Pipeline
Jenkins Pipeline sh display name/label
Git - What is "Refspec"
Jenkins/Hudson - accessing the current build number?
What shell does Jenkins use?
How do I make a Jenkins job start after multiple simultaneous upstream jobs succeed?
SonarQube not picking up Unit Test Coverage
Abort current build from pipeline in Jenkins
Jenkins in Windows shows UI in russian language
Get git branch name in Jenkins Pipeline/Jenkinsfile
Restricting visibility of Jenkins jobs to specific users
Show a Jenkins pipeline stage as failed without failing the whole job
How to invoke a jenkins pipeline A in another jenkins pipeline B
What is the difference between Hudson and CruiseControl for Java projects?
Run bash command on jenkins pipeline
Echo off in Jenkins Console Output
Jenkins: 403 No valid crumb was included in the request
Jenkins: Ignore failure in pipeline build step
Jenkins pipeline if else not working

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!