Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Extract passphrase from Jenkins' credentials.xml

Tags:

jenkins

I have added an SSH credential to Jenkins.

Unfortunately, I have forgotten the SSH passphrase and would now like to obtain it from Jenkins' credential archive, which is located at ${JENKINS_HOME}/credentials.xml.

That XML document seems to have credentials encrypted in XML tags <passphrase> or <password>.

How can I retrieve the plaintext passphrase?

like image 932
Abdull Avatar asked Jun 07 '16 15:06

Abdull


People also ask

How do I find my Jenkins credential password?

And in order to get the password value of ${ENCRYPTED_PASSPHRASE_OR_PASSWORD} : go to credentials, update, in the browser "See source code" and you will get the encrypted password in the data field for password. Then use that function.

How do I unmask a password in Jenkins?

Go to the jenkins workspace and look inside the file. The token will be present in plain text there. Further easy way will be to print the base64 encoded value of the credential and then decode it.

Where is credentials XML on Jenkins?

Although most credentials are stored in http://localhost:8080/credentials/ view, you can find additional secrets in: http://localhost:8080/configure - some plugins create password type fields in this view. http://localhost:8080/configureSecurity/ - look for stuff like AD credentials.


2 Answers

Open your Jenkins' installation's script console by visiting http(s)://${JENKINS_ADDRESS}/script.

There, execute the following Groovy script:

println( hudson.util.Secret.decrypt("${ENCRYPTED_PASSPHRASE_OR_PASSWORD}") ) 

where ${ENCRYPTED_PASSPHRASE_OR_PASSWORD} is the encrypted content of the <password> or <passphrase> XML element that you are looking for.

like image 190
Abdull Avatar answered Sep 28 '22 19:09

Abdull


First, you need to get the encrypted value which is conveniently placed in the value attribute of the password field of that credentials item you are interested in. Navigate to the credentials item in Jenkins UI you, click Inspect Element on the password field, and copy its value attribute (something like {AQAABAAAa6VBbyzg5AWMW2RnfaBaj46}

Then, go to JENKINS_URL/script and execute println( hudson.util.Secret.decrypt("{AQAABAAAa6VBbyzg5AWMW2RnfaBaj46}") ); decrypted password appears under the input field

like image 23
Leo Toff Avatar answered Sep 28 '22 19:09

Leo Toff