抑制Jenkins日志中的敏感信息
我想隐藏日志中显示的一些敏感信息 代码: 输出:抑制Jenkins日志中的敏感信息,jenkins,jenkins-pipeline,Jenkins,Jenkins Pipeline,我想隐藏日志中显示的一些敏感信息 代码: 输出: + /var/lib/jenkins/python_jobs/venv/bin/python3 /var/lib/jenkins/python_jobs/encrypter_creds.py --db_url=<hide this from jenkins logs> '--pki_client_cacert_password=<hide this from jenkins logs>' +/var/lib/jenkin
+ /var/lib/jenkins/python_jobs/venv/bin/python3 /var/lib/jenkins/python_jobs/encrypter_creds.py --db_url=<hide this from jenkins logs> '--pki_client_cacert_password=<hide this from jenkins logs>'
+/var/lib/jenkins/python\u jobs/venv/bin/python3/var/lib/jenkins/python\u jobs/encrypter\u creds.py--db\u url='--pki\u client\u cacert\u password='
withEnv(["MYSECRET=${params.pki_client_cacert_password}",
"MYURL=${env.db_url}"]) {
env.artifacts = sh(
returnStdout: true,
script: '.. python3 .. encrypter_creds.py --db_url=$MYURL ' +
' --pki_client_cacert_password=$MYSECRET'
)
pki\u client\u cacert\u password:
withCredentials([usernamePassword(
credentialsId: 'MY_PKI_CLIENT_CREDENTIALS',
passwordVariable: 'DB_URL',
usernameVariable: 'PKI_USER')]) {
env.artifacts = sh(
returnStdout: true,
script: '.. python3 .. encrypter_creds.py --db_url=$DB_URL' +
' --pki_client_cacert_password=$PKI_PASSWORD'
}
您也可以使用自己的第三个选项,例如,将所需信息写入文件,并修改脚本以读取该文件中的参数。我添加了@MaratC suggestion,但这没有多大帮助,因此我最终添加了set+x
和set-x
更多,因此这个问题与
果然奏效了
script{
withEnv(["ENV_PKI_CLIENT_CACERT_PASSWORD=${params.pki_client_cacert_password}", "ENV_DB_URL=${params.db_url}"]) {
env.artifacts = sh(
returnStdout: true,
script: """
set +x
/var/lib/jenkins/python_jobs/venv/bin/python3 /var/lib/jenkins/python_jobs/encrypter_creds.py --db_url=${ENV_DB_URL} --pki_client_cacert_password='${ENV_PKI_CLIENT_CACERT_PASSWORD}'
set -x
"""
)
}
}
詹金斯输出
+ set +x
[Pipeline] .....
[Pipeline] .....
安装掩码密码插件。在某些情况下,jenkins可能会在作业的输出中显示信任,屏蔽密码插件会阻止它。@DmitriyTarasevich该插件似乎不支持管道。该插件处理输出,它不关心作业的类型。如果您对该插件有负面体验,请与他人分享。@DmitriyTarasevich我发现很难理解我需要在我的管道中输入什么来向该插件解释什么是“密码”。
+ set +x
[Pipeline] .....
[Pipeline] .....