Jenkins:解密credentials.xml中的所有密码(通过Jenkins执行控制台)
如何使用Jenkins控制台批量解密Jenkins credentials.xml中的所有凭据 我可以使用groovy的这个片段一次只做一个秘密:Jenkins:解密credentials.xml中的所有密码(通过Jenkins执行控制台),jenkins,groovy,jenkins-groovy,Jenkins,Groovy,Jenkins Groovy,如何使用Jenkins控制台批量解密Jenkins credentials.xml中的所有凭据 我可以使用groovy的这个片段一次只做一个秘密: node { def creds stage('Sandbox') { withCredentials([string(credentialsId: 'VAC_USER',variable: 'C_PASS')]) { creds = "\nUser: ${C_USER}\nPassword:
node {
def creds
stage('Sandbox') {
withCredentials([string(credentialsId: 'VAC_USER',variable: 'C_PASS')]) {
creds = "\nUser: ${C_USER}\nPassword: ${C_PASS}\n"
}
println creds
}
}
然而,我对Groovy的了解是0,并且不清楚如何打印整个凭证文件,解密后的每个密码都显示在其id旁边。在我的例子中,解决方案是通过Jenkins终端运行Groovy提取代码(假设有管理员访问权限) 下面的代码提取Jenkins中配置的大部分凭据(用户名+密码、ssh密钥、密文),并可以扩展到凭据存储中的其他类型的机密:
def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
com.cloudbees.plugins.credentials.common.StandardUsernameCredentials.class,
Jenkins.instance,
null,
null
);
//SSH-Secrets
for (c in creds) {
println( ( c.properties.privateKeySource ? "ID: " + c.id + ", UserName: " + c.username + ", Private Key: " + c.getPrivateKey() : ""))
}
//Username+Password Combination
for (c in creds) {
println( ( c.properties.password ? "ID: " + c.id + ", UserName: " + c.username + ", Password: " + c.password : ""))
}
//Secret Text
def creds2 = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
com.cloudbees.plugins.credentials.common.StandardCredentials.class,
Jenkins.instance,
null,
null
);
//Secret Strings
for (c in creds2) {
println( ( c.properties.secret ? " ID: " + c.id + " DESCRIPTION: " + c.description + " SECRET: " + c.secret : ""))
}
用于转储所有系统凭据的简单联机:
com.cloudbees.plugins.credentials.SystemCredentialsProvider.getInstance().getCredentials().forEach{println it.dump().replace('''.\n')}