Jenkins secret password argument and his value is still accessible #4651
Comments
Is the problem that you'd like to have a secret variable that couldn't be accessed at all? Or are you just worried someone forgets to use the
Many testers can script code on the same project without knowledge of the value of the password. On a local station they can use their own password, but on the remote machine (Jenkins) they use a secret account. Yes, they can log the value accidentally or even want to do it.
The idea with #4537 is to allow creating variables that aren't logged automatically, but even those variables could be logged explicitly. Trying to totally hide the values is problematic because we need to pass the actual values to library keywords and they can then expose values anyway. I got a feeling that an external library or tool is the best solution if you want to totally hide the values. Or do you have ideas how this should work with Robot itself?
#4537 ought to solve this. If not, external libraries can be used.
We run our tests via Jenkins and use Jenkins Credentials (files, strings, keys) for storing passwords, which Robot then uses during test execution. In our RF scripts we use `$password` syntax, so the value of a password is not represented in log.html. The issue is that anyone can always do some scripting without the special syntax (like `${password}`) to get access to the real value of the password. I think this is a security risk, which could be improved on. We pass these credentials via variable parameters to the Robot Framework `-v Password:%Jenkins_Credential%`. Would it be possible to make another argument for secret value like `-s Password:%Jenkins_Credential%`, so it would be always hidden/masked?
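The limitation raised in the comments (a value can be kept out of automatic logging, but any keyword that receives the real value can still expose it), shown as an added example that is not part of the issue or of Robot Framework's code. `Secret`, `run_keyword` and both login keywords are hypothetical names, and the password is a constructed sample value.

```python
"""Constructed illustration; Secret, run_keyword and both keywords are
hypothetical names, not Robot Framework API."""


class Secret:
    """Wraps a value so implicit string conversion never shows it."""
    __slots__ = ("_value",)

    def __init__(self, value: str):
        self._value = value

    def __repr__(self) -> str:
        return "<secret>"

    __str__ = __repr__

    def __format__(self, spec: str) -> str:
        return format("<secret>", spec)

    def reveal(self) -> str:
        """Explicit unwrap: the only way to obtain the real value."""
        return self._value


def run_keyword(keyword, *args, log):
    """Mimics a runner that logs every keyword call with its arguments."""
    log.append(f"{keyword.__name__}({', '.join(map(repr, args))})")
    return keyword(*args, log=log)


def careful_login(user, password, *, log):
    token = f"{user}:{password.reveal()}"   # real value is needed to log in
    log.append(f"logging in as {user}")
    return token


def careless_login(user, password, *, log):
    token = f"{user}:{password.reveal()}"
    log.append(f"sending {token}")          # explicit logging defeats the mask
    return token


def demo():
    pw = Secret("s3cr3t-constructed")       # constructed sample value
    safe_log, leaky_log = [], []
    run_keyword(careful_login, "ci-bot", pw, log=safe_log)
    run_keyword(careless_login, "ci-bot", pw, log=leaky_log)
    return safe_log, leaky_log
```

The wrapper keeps the value out of the runner's own argument logging in both runs; only reviewing what each keyword does with the unwrapped value catches the second case.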