如何使用Jenkins控制台批量解密Jenkins凭据.xml中的所有凭据?
我可以使用以下常规代码片段来一次完成一个秘密:
node {
def creds
stage('Sandbox') {
withCredentials([string(credentialsId: 'VAC_USER',variable: 'C_PASS')]) {
creds = "\nUser: ${C_USER}\nPassword: ${C_PASS}\n"
}
println creds
}
}
但是,我对Groovy的了解为0,并且不清楚如何打印出解密后的整个凭据文件,以便在其ID旁边显示每个解密的密码。
答案 0 :(得分:0)
在我的案例中,解决方案是通过Jenkins终端运行groovy提取代码(假设其中一个具有管理员访问权限)。
下面的代码提取Jenkins中配置的大部分凭据(用户名+密码,ssh键,机密文本),并且可以扩展到凭据存储中的其他类型的机密:
def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
com.cloudbees.plugins.credentials.common.StandardUsernameCredentials.class,
Jenkins.instance,
null,
null
);
//SSH-Secrets
for (c in creds) {
println( ( c.properties.privateKeySource ? "ID: " + c.id + ", UserName: " + c.username + ", Private Key: " + c.getPrivateKey() : ""))
}
//Username+Password Combination
for (c in creds) {
println( ( c.properties.password ? "ID: " + c.id + ", UserName: " + c.username + ", Password: " + c.password : ""))
}
//Secret Text
def creds2 = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
com.cloudbees.plugins.credentials.common.StandardCredentials.class,
Jenkins.instance,
null,
null
);
//Secret Strings
for (c in creds2) {
println( ( c.properties.secret ? " ID: " + c.id + " DESCRIPTION: " + c.description + " SECRET: " + c.secret : ""))
}