Search code examples
jenkinskubernetesjenkins-plugins

Unable to see Jenkins Credentials values

I'm trying to leverage the Jenkins credentials plugin to store sensitive data which I want to inject into Secrets within my Kubernetes cluster. I have a JenkinsFile which is used in my project to define the steps and I've added the following code to pull a username/password from a credential and pass to shell script to replace a placeholder in a file with the actual file:

stages {
    stage('Build') {
        steps {
           withCredentials([usernamePassword(credentialsId: 'creds-test', passwordVariable: 'PASSWORD', usernameVariable: 'USERNAME')]) {
               sh '''
                  echo $USERNAME
                  echo $PASSWORD

                  chmod +x secrets-replace.sh
                  ./secrets-replace.sh USERNAME_PLACEHOLDER $USERNAME
                  ./secrets-replace.sh PASSWORD_PLACEHOLDER $PASSWORD
                '''
              }
              echo 'Building...'
              sh './gradlew build --refresh-dependencies'
        }
    }
    ...
}

However whenever this runs all I ever get is the masked **** value back, even when I pass it to the shell script. Here is part of the build log:

Jenkins Log

Is there something I need to configure to get access to the unmasked value?

Solution

  • Write the variable to a file in jenkins. Go to the jenkins workspace and look inside the file. The token will be present in plain text there.

    UPDATE

    Further easy way will be to print the base64 encoded value of the credential and then decode it.