[
https://issues.jenkins-ci.org/browse/JENKINS-12423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=158858#comment-158858
]
gbois commented on JENKINS-12423:
---------------------------------
I tested and I have reproduced the problem with the EnvInject and the
mask-passwords plugins.
Native password parameters (provided by Jenkins core) are masked.
However, passwords provided by the mask-passwords plugin are visible.
The problem is due to the mask-passwords plugin uses custom password parameters
(labeled Non stored password) and the envinject is not aware of the this
specific new type.
Technically, mask-passwords plugin use the class
'com.michelin.cio.hudson.plugins.passwordparam.PasswordParameterValue' and the
envinject plugin is not aware of this class.
We know if it is a password parameter only by the class itself and not by an
inherited property set to a specific value (such as boolean).
> Password masked by Mask Passwords are visible when using envinject plugin
> -------------------------------------------------------------------------
>
> Key: JENKINS-12423
> URL: https://issues.jenkins-ci.org/browse/JENKINS-12423
> Project: Jenkins
> Issue Type: Bug
> Components: envinject, mask-passwords, perforce
> Environment: envinject 1.9
> mask-passwords 2.7.2
> Jenkins ver. 1.424.1
> Windows
> Perforce plugin 1.3.7
> Reporter: Roger Myung
> Assignee: gbois
>
> If I use the mask-passwords plugin to create a masked password, and also use
> the envinject plugin to setup an environment, the masked password is visible
> from the "Injected Environment Variables" link for each build.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
