Mask password in Jenkins when calling TEE

Audience

Everyone

When you use the release build plugin in Jenkins to create a new release the plugin inadvertently leaves your password in clear text in the log files. We need to be able to mask password in Jenkins when calling Team Explorer Everywhere (TEE) so that we meet security requirements.

As you can imagine working at a bank, they get a little…squirmy… when they see or hear about passwords being stored on viewable in the clear. If you are using TFS to do builds from Jenkins then you are likely using the command line tools that come with Team Explorer Everywhere.

clip_image001

If you are also using the Release Plugin and you create a release build then you will see the SCM password that you enter written in the clear in the log. Bit of a shock to my banking colleagues I can tell you. So much so that they called “critical blocker” for the migration to TFVC.

clip_image002

However during the… conversation… they did say that they had a plugin installed that was supposed to mask the passwords when you do a build. Armed with that knowledge, and little other knowledge of Jenkins, I dived in to find a solution. Maybe it just needed more configuration…

clip_image003

So I looked through the documentation and found that you can set variables for passwords and send the variable instead. The plugin will then mask it correctly…. So I thought… that’s for me!

clip_image004

So I dutifully created a global password veriable called “MrHinshPas” (yes, I am testing with my own account) and once saved I should be able to use “$(MrHinshPass)” in places where I want the password replaced.

clip_image005

Running another build and, wohoo, the password gets replaced.

However why do I need to create a variable for this occurrence when it usually replaced things for other passwords in the list. So I went hunting around… I looked at server configuration. I looked at plugins and documentation.

Eventually I looked in the build configuration and I found this…

clip_image006

So for each specific job you can activate the “Mask passwords” option in the Build Environment section and all passwords are magically hidden in your builds. Awesome! How did I miss that…

Upcoming Training Opportunities

These are the next five classes we have, and you can check out our full public schedule of classes.

Live Virtual Applying Professional Scrum Minecraft on  12th December 2022
Virtual Beginner 0
12 - 15 Dec, 2022
14:00-17:30 GMT
Live Virtual Applying Professional Scrum Online in Minecraft on 30th January 2023
Virtual Beginner 12
30 Jan - 2 Feb, 2023
09:30-13:00 GMT

We can deliver any of our courses as private in-house training over Microsoft Teams & Mural. We also recommend training based on your accountabilities or role, you can go directly to recommended courses for Scrum MastersProduct OwnersDevelopers and Agile Leaders.

Create a conversation around this article

Share on Facebook
Share on Twitter
Share on Linkdin

Related Courses

No items found

Read more

Martin Hinshelwood (He/Him) nkdAgility.com
To my understanding there is a frustrating misunderstanding of reality when one thinks that the Product Owner can reject a single story at the Sprint Review. This is the fallacy of the rejected backlog item.
Martin Hinshelwood (He/Him) nkdAgility.com
There is no such thing as an Agile Transformation, Digital Transformation, DevOps Transformation, or any of the Whatever Transformation that you can think of or have been sold. You can’t buy agility, and you certainly can’t install it. There is no end state, no optimal outcome, No best practices. We …
Martin Hinshelwood (He/Him) nkdAgility.com
In light of the new normal and the last 20 years of technological progress, we need to re-define co-location as we no longer need to be in the same room as each other to get the 80% of communication that is non-verbal. If we are participating in an online event, …
Martin Hinshelwood (He/Him) nkdAgility.com
Gathering the metrics for Evidence-based Management in software organisations can be a strenuous task and I have a number of customers that are fretting on what to collect and from where. Here I try to create an understanding of the ‘what’ that we need to collect.

OUR TEAM

We believe that every company deserves high quality software delivered on a regular cadence that meets its customers needs. Our goal is to help you reduce your cycle time, improve your time to market, and minimise any organisational friction in achieving your goals.

naked Agility Limited is a professional company that offers training, coaching, mentoring, and facilitation to help people and teams evolve, integrate, and continuously improve.

We recognise the positive impact that a happy AND motivated workforce, that has purpose, has on client experience. We help change mindsets towards a people-first culture where everyone encourages others to learn and grow. The resulting divergent thinking leads to many different ideas and opportunities for the success of the organisation.