可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
I'm trying to mask a password in my Jenkins build.
I have been trying the mask-passwords plugin.
However, this doesn't seem to work with my Jenkins pipeline script, because if I define the password PASSWD1 and then I use it in the script like this ${PASSWD1}, I am getting:
No such DSL method '$' found among steps [addToClasspath, ansiColor, ansiblePlaybook, ....]
If I use env.PASSWD1, then its value will be resolved to null.
So how should I mask a password in a Jenkins pipeline script?
回答1:
The simplest way would be to use the Credentials Plugin.
There you can define different types of credential, whether it's a single password ("secret text"), or a file, or a username/password combination. Plus other plugins can contribute other types of credentials.
When you create a credential (via the Credentials link on the main Jenkins page), make sure you set an "ID". In the example below, I've called it my-pass. If you don't set it, it will still work, Jenkins will allocate an opaque UUID for you instead.
In any case, you can easily generate the required syntax with the snippet generator.
withCredentials([string(credentialsId: 'my-pass', variable: 'PW1')]) { echo "My password is '${PW1}'!" }
This will make the password available in the given variable only within this block. If you attempt to print the password, like I do here, it will be masked.
回答2:
Looking at this issue, https://issues.jenkins-ci.org/browse/JENKINS-27392, you should be able to do the following:
node { wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: '123ADS', var: 'SECRET']]]) { echo env['SECRET']; } }
However, if you look at the last comments in that issue it doesn't work, seems like a bug. However, if you know the secret and accidentally print int in the logs, the it is hidden, like this:
node { wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: '123ADS', var: 'SECRET']]]) { echo "123ADS"; } }
This produces:
[Pipeline] node Running on master in workspace/pl [Pipeline] { [Pipeline] wrap [Pipeline] { [Pipeline] echo ******** [Pipeline] } [Pipeline] // wrap [Pipeline] } [Pipeline] // node [Pipeline] End of Pipeline Finished: SUCCESS
Regarding the error you are getting, No such DSL method '$' found among steps ..., I'm just guessing but you are probably using ${VAR} directly in the pipeline script, ${...} is only relevant inside strings in groovy.
EDIT: Or you can use the Credentails Plugin and pipeline step withCredentials:
// Credential d389273c-03a0-45af-a847-166092b77bda is set to a string secret in Jenkins config. node { withCredentials([string(credentialsId: 'd389273c-03a0-45af-a847-166092b77bda', variable: 'SECRET')]) { bat """ if ["${SECRET}"] == ["123ASD"] echo "Equal!" """; } }
This results in:
[Pipeline] node Running on master in workspace/pl [Pipeline] { [Pipeline] withCredentials [Pipeline] { [Pipeline] bat [pl] Running batch script workspace/pl>if ["****"] == ["****"] echo "Equal!" "Equal!" [Pipeline] } [Pipeline] // withCredentials [Pipeline] } [Pipeline] // node [Pipeline] End of Pipeline Finished: SUCCESS
Note that this plugin binds the variable directly to the closure and not the environment as the other, e.g. I can use the variable SECRET directly.
