Menu
I am modifying an xml of a Jenkins job. There is a field which is a password. When I get the xml, where it was the raw password now there is a hash.
What I need is to know how to create this hash from the raw password value.
<scm class="com.deluan.jenkins.plugins.rtc.JazzSCM"> <username>user</username> <password>zlvnUMF1/hXwe3PLoitMpQ6BuQHBJ1FnpH7vmMmQ2qk=</password> </scm> I have been reading Jenkins source code and I think the class HudsonPrivateSecurityRealm.java is involved but I am not sure about the salt parameter.
PS: This is not for the Jenkins password is for a plugin which in the job configuration it has a password field.
301
This password is stored inside the file initialAdminPassword , which is located inside your jenkins_home directory. The file, along with its full path, is displayed on the Jenkins page, as shown in the following screenshot: On Windows: You can find the file under C:\Program Files (x86)\Jenkins\secrets .
Credential security To maximize security, credentials configured in Jenkins are stored in an encrypted form on the controller Jenkins instance (encrypted by the Jenkins instance ID) and are only handled in Pipeline projects via their credential IDs.
Listing ids of secrets Before you ask Jenkins for a credential you need to know its id. You can list all credentials ids by reading the $JENKINS_HOME/credentials. xml file.
In fact, it's not a hash but rather an encrypted password. I guess encryption keys are stored in the master node. Actually, you can decrypt the password by executing following groovy script on master's script console
import hudson.util.Secret def secret = Secret.fromString("zlvnUMF1/hXwe3PLoitMpQ6BuQHBJ1FnpH7vmMmQ2qk=") println(secret.getPlainText()) and if you want to encrypt the password, then
import hudson.util.Secret def secret = Secret.fromString("your password") println(secret.getEncryptedValue()) A password encrypted on a computer can be decrypted only on that particular computer since keys are randomly generated and obviously on different machines the keys are different.
Check out core/src/main/java/hudson/util/Secret.java for more details
114
Another possibility would be to execute a Groovy script via Jenkins Groovy console (you can reach it via JENKINS_URL/script):
println(hudson.util.Secret.decrypt("zlvnUMF1/hXwe3PLoitMpQ6BuQHBJ1FnpH7vmMmQ2qk=")) Some other ways would be possible with python:
https://github.com/tweksteen/jenkins-decrypt
https://gist.github.com/menski/8f9980999ed43246b9b2
21
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
