> On 21.12.2015, at 23:49, Joe Ferr <jf...@iqnavigator.com> wrote: > > I'd use the Mask Password plugin to hide the exposed token from the console > output so I don't think there would be a way to steal others users API tokens.
That plugin can only hide build parameters and previously defined strings. Do you want to maintain a central list of all API tokens for all users so you can hide them from build output, or how would this work? Also, my point was that any "magic" mechanism (not requiring user input) that adds the tokens to the environment for access by the build script could be used by users able to configure any _other_ job in a way that gives them the API tokens there. If they just write the API tokens to a file rather than echo them to stdout/stderr, Mask Passwords won't help either. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/46A16176-B93A-4834-9EC4-5DA36A9395F5%40beckweb.net. For more options, visit https://groups.google.com/d/optout.
