
Jenkins pipeline credentials single vs double quotes interpolation

I'm getting this Warning: A secret was passed to "httpRequest" using Groovy String interpolation, which is insecure using the first example here. I made this keyvar = credentials('key_id') as an environmental variable and put it in something like this

 def response = httpRequest url: "https://url...", 
           customHeaders: [[name: 'Authorization', value: "${keyvar}"]]...

Which works but is not how it should be properly done as described in this documentation, so following that I tried what it suggested here, using single quotes and no bracket.

 def response = httpRequest url: "https://url...", 
           customHeaders: [[name: 'Authorization', value: '$keyvar']]...

This solves the first error, but now I get Response Code: HTTP/1.1 401 Unauthorized, which, to me, means that interpolation isn't working within the single quotes as the documentation describes.

HC LW asked Oct 25 '25 04:10


1 Answer

To make the answer from Matt Schuchard in the comments more clear for future people stumbling upon this - you need to remove the string interpolation and pass the variable directly:

 def response = httpRequest url: "https://url...", 
           customHeaders: [[name: 'Authorization', value: keyvar]]...

This also works for headers that require an additional prefix (e.g. Bearer):

 def response = httpRequest url: "https://url...", 
           customHeaders: [[name: 'Authorization', value: 'Bearer ' + keyvar]]...

is safe, while

 def response = httpRequest url: "https://url...", 
           customHeaders: [[name: 'Authorization', value: "Bearer $keyvar"]]...

is not.

Laura answered Oct 27 '25 02:10
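As an added example (not part of the original question or answer), the declarative pipeline below puts the three string forms side by side: concatenation for httpRequest, and the single-quoted form from the documentation in an sh step, where the shell rather than Groovy expands $keyvar. In httpRequest there is no shell, so '$keyvar' in single quotes is sent as that literal text, which explains the 401. Assumptions: the HTTP Request plugin is installed, key_id is a "Secret text" credential as in the question, and https://example.invalid/api is a placeholder URL.

```groovy
// Added example; the URL is a placeholder and 'key_id' is the credential ID from the question.
pipeline {
    agent any
    environment {
        // Binds the secret to an environment variable that is also readable from Groovy.
        keyvar = credentials('key_id')
    }
    stages {
        stage('HTTP Request step') {
            steps {
                script {
                    // Plain String concatenation: Groovy builds no GString here,
                    // so the secret is not passed through string interpolation.
                    def response = httpRequest(
                        url: 'https://example.invalid/api',
                        customHeaders: [[
                            name: 'Authorization',
                            value: 'Bearer ' + keyvar,
                            maskValue: true   // HTTP Request plugin option: hide the header value in the build log
                        ]]
                    )
                    // Interpolating a non-secret value is fine.
                    echo "Status: ${response.status}"

                    // For contrast (left commented out on purpose):
                    //   value: "Bearer $keyvar"  -> GString, triggers the interpolation warning
                    //   value: 'Bearer $keyvar'  -> literal text "$keyvar" is sent, server answers 401
                }
            }
        }
        stage('Shell step') {
            steps {
                // Single quotes are correct here: Groovy passes the text unchanged
                // and the shell reads keyvar from the environment at run time.
                sh 'curl -sS -o /dev/null -H "Authorization: Bearer $keyvar" https://example.invalid/api'
            }
        }
    }
}
```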


