问题
I am trying to migrate the credentials from one Jenkins to another but usernames/passwords are hashed in ${JENKINS_HOME}/credentials.xml
I found this answer, but the problem is it doesn't explain where would someone find the encryption key in order to successfully migrate credentials.
Any help is greatly appreciated!
EDIT: More information.. my ${JENKINS_HOME} is on a separate volume which I detach and re-attach onto the new VM, and it still doesn't work with me.
回答1:
I found this analysis very helpful. In a nutshell:
Jenkins uses the master.key to encrypt the key hudson.util.Secret. This key is then used to encrypt the password in credentials.xml.
When I need to bootstrap new Jenkins instances with some default passwords, I use a template directory tree that contains
secrets/hudson.util.Secretandsecrets/master.key
This works fine.
回答2:
Regarding JENKINS migration, I recently experienced this situation and after few testings, my workaround worked for me.
Here is what I did:
I moved below files and folders from Source Jenkins to target:
- $JENKINS_HOME/secret.key
- $JENKINS_HOME/secrets
- $JENKINS-HOME/users
- $JENKINS_HOME/credentials.xml
Please note: These files are not required to move:
- $JENKINS_HOME/identity.key.enc
- $JENKINS_HOME/secrets/org.jenkinsci.main.modules.instance_identity.InstanceIdentity.KEY
otherwise you will see below error after starting Jenkins:
java.lang.AssertionError: InstanceIdentity is missing its singleton
- Jenkins will automatically generate those two files. Once started, you should be good.
来源:https://stackoverflow.com/questions/38465270/wheres-the-encryption-key-stored-in-jenkins