search

jenkinsci / hashicorp-vault-plugin

Jenkins plugin to populate environment variables from secrets stored in HashiCorp's Vault.
https://plugins.jenkins.io/hashicorp-vault-plugin/
MIT License
217 stars 143 forks source link

Disable masking of usernames #289

Open dhs-rec opened 1 year ago

dhs-rec commented 1 year ago

What feature do you want to see added?

Similar to what has already been done for the default Jenkins credentials provider: https://issues.jenkins.io/browse/JENKINS-44860.

Please add a flag to individual credentials (and/or a global one for setting a default value) to disable masking of usernames, or even remove this feature completely.

It doesn't make much sense and usually splatters the 5-star string all over the build log (for example, we have a user called "build", so every occurrence of that word is replaced with the 5 stars, which makes the log somewhat hard to read.

Thanks a lot.

Upstream changes

https://issues.jenkins.io/browse/JENKINS-44860

Oliniusz commented 1 year ago

I've come to this issue looking for exactly that.

We use our Vault to provide all kinds of variables for applications but also deployments parameters for Jenkins and Kubernetes for each application in each environment like e.g.:

{
  "CPU_LIMIT": "8192m",
  "CPU_REQUESTED": "256m",
  "CPU_SCALING_THRESHOLD": "60",
  "DEFAULT_TOPIC_CACHE_TIMEOUT": "2",
  "DEPLOYMENT_AWS_REGION": "eu-west-2",
  "ECR_REGION": "eu-west-2",
  "ENVIRONMENT": "qa",
  "GUNICORN_THREADS_AMOUNT": "24",
  "GUNICORN_WORKERS_AMOUNT": "1",
  "GUNICORN_WORKER_CLASS": "gthread"
}

As you can imagine, I don't really want every single 1, 24, 2, qa etc. being replaced with asterisks.

May I ask you for any suggestions if there is any workaround I could use in the meantime, please?