Due to some maintenance issues, this service has been switched in read-only mode, you can find more information about the why

and how to migrate your plugin documentation in this blogpost

Skip to end of metadata
Go to start of metadata
This plugin allows masking passwords that may appear in the console

Plugin Information

View Mask Passwords on the plugin site for more information.

The current version of this plugin may not be safe to use. Please review the following warnings before use:

This plugin is up for adoption. Want to help improve this plugin? Click here to learn more!

About this plugin

This plugin allows masking passwords that may appear in the console, including the ones defined as build parameters. This often happens, for example, when you use build steps which can't handle passwords properly. Take a look at the following example.


Consider you're using an Invoke Ant build step to run an Ant target. This target requires a password to achieve its goal. You would end up having a job configuration like this:

Of course, you could have created a variable to store the password and use this variable in the build step configuration so that it doesn't appear as plain text. But you would still end with a console output like this:


When activating the Mask passwords option in a job, the builds' Password Parameters (or any other type of build parameters selected for masking in Manage Hudson > Configure System) are automatically masked from the console. Furthermore, you can also safely define a list of static passwords to be masked (you can also define a list of static password shared by all jobs in Jenkins' main configuration screen). As such, the passwords don't appear anymore as plain text in the job configuration (plus it is ciphered in the job configuration file):

Once done, new builds will have the passwords masked from the console output:

User guide

First, go to Jenkins' main configuration screen (Manage Hudson > Configure System) and select, in the Mask Passwords - Configuration section, which kind of build parameters have to be automatically masked from the console output:

Notice that, as of version 2.7, you can also define global passwords (defined as pairs of name/password) that can be accessed across all jobs.

Then, for a specific job, activate the Mask passwords option in the Build Environment section to mask passwords from the console:

  1. All the password parameters defined for the job will be automatically hidden.
  2. For each other kind of password (that is, static ones) that may appear in the console output, add an entry (by clicking on the Add button) and set the Password field.
    You may additionally set the Name field. If you do so, the password will then be available as a standard variable. It is then possible to refer to this password using this variable rather than keying it in a field which is not ciphered. Take a look at the screenshots above for an example.

Version history

Version 2.12.0 (Jun 01, 2018)

  • (plus) PR #18 - Mask Passwords Console Log filter can be now applied to all Run types
    • It should allow filtering Pipeline jobs once JENKINS-45693 is implemented
  • (info) Update minimal core requirement to 1.625.3

Version 2.11.0 (Mar 13, 2018)

  • (info) Update minimal core requirement to 1.625.3
  • (info) Developer: Update Plugin POm to the latest version

Version 2.10.1 (Apr 11, 2017)

  • (error) Prevent NullPointerException when loading configurations from the disk (JENKINS-43504)

Version 2.10 (Apr 08, 2017)

  • (plus) Rework the Parameter Definition processing engine, improve the reliability of Sensitive parameter discovery
  • (error) Fix a number of issues with parameter masking reported to the plugin. Full list will be published later

Version 2.9 (30/11/2016)

  • (plus) Add option to mask output strings by a regular expression, also with a global setting (PR #6)
  • (error) Properly invoke flush/close operations for the logger in MaskPasswordOutputStream (PR #8)
  • (error) Fix issues reported by FindBugs
  • (info) Update to the new Parent POM

Version 2.8 (18/10/2015)

  • (plus) Implement SimpleBuildWrapper in order to support Workflow project type (JENKINS-27392)

Version 2.7.4 (29/07/2015)

  • (error) Password parameters were insensitive
  • (error) "Mask passwords" build wrapper was generating insensitive environment variables

Fixed issues (to be investigated and updated):

  • Masking of global password parameters in EnvInject (JENKINS-25821)
  • Masked Passwords are shown as input parameters in Build pipeline plugin (JENKINS-16516)

Version 2.7.3 (29/04/2015)

  • Fixed JENKINS-12161: EnvInject vars could have been not masked because of plugins loading order
  • Fixed JENKINS-14687: password exposed unencrypted in HTML source

Version 2.7.2 (12/07/2011)

  • Fixed JENKINS-11934: Once a job config was submitted, new/updated global passwords were not masked
  • Implemented JENKINS-11924: Improved global passwords-related labels

Version 2.7.1 (10/27/2011)

  • Fixed JENKINS-11514: When migrating from an older version of the plugin, NullPointerExceptions were preventing the jobs using Mask Passwords to load
  • Fixed JENKINS-11515: Mask Passwords global config was not actually saved when no global passwords were defined

Version 2.7 (10/20/2011)

  • Implemented JENKINS-11399: It is now possible to define name/password pairs in Jenkins' main configuration screen (Manage Hudson > Configure System)

Version 2.6.1 (05/26/2011)

  • Fixed a bug which was emptying the console output if there was no password to actually mask

Version 2.6 (04/29/2011)

  • Added a new type of build parameter: Non-Stored Password Parameter
  • Blank passwords are no more masked, avoiding overcrowding the console with stars

Version 2.5 (03/11/2011)

  • New configuration screen (in Manage Hudson > Configure System) allowing to select which build parameters have to be masked (Password Parameter are selected by default)
  • Fixed a bug which was preventing to mask passwords containing regular expressions' meta-characters or escape sequences

Version 2.0 (02/23/2011)

  • Builds' Password Parameters are now automatically masked.

Version 1.0 (09/01/2010)

  • Initial release


  1. Unknown User (cringe)

    When will this plugin be available from the Update Center? I removed one buildstep from my current build because I had to provide my personalized user account/password for it... so I'll be happy if the plugin will be at my hands soon. (wink)

    1. Unknown User (rseguy)

      It should already be there, if not it'll be there in the hours to come (I've released it yesterday). You need Hudson 1.374 at least.

  2. Unknown User (prenaud76)

    Very nice initiative Romain. This is a function that we had in Build Forge for a long time and that we were badly missing in Hudson.

    Tx for adding it (thumbs up)

  3. Unknown User (ossa)

    Hello world! 

    Thanks Romain. It is a great plug-in. BTW, I noticed that if the password contains $, the entire password is not masked off from the log file.  Not sure about any other special characters.

    1. Unknown User (rseguy)

      Thanks for pointing this. I've fixed it and rolled out release 2.5.

  4. Unknown User (sgrellie)

    I have tried using this plugin with a maven build but could not get it do the job.

    I want to provide a login/password with system properties like -Dmy.username=$MY_SECRET_LOGIN -Dmy.password=$MY_SECRET_PASSWORD. I do set those in the MAVEN_OPTS variable in the job configuration and define the masked login and password with the plugin.

    Has anyone tried to use it in a similar situation ?

    1. Unknown User (rseguy)


      I've checked and yes there is an issue with Maven jobs which don't seem able to use vars defined using the Mask Passwords plugin. I suggest to inspect the Hudson/Maven code to see how it handles env vars.

      Anyway, the following works: Define your password as a build parameter.

      1. Unknown User (sgrellie)

        Thanks for confirming the problem.

        If I define my password as a build parameter, I lose the ability to trigger my job automatically.

        1. Unknown User (rseguy)

          You won't lose the ability to trigger the job automatically as long as you define a default value.

          1. Unknown User (dma_k)

            Indeed the solution to define password as "Build parameters" worked fine. However it adds some inflexibilities:

            • I need to define the password twice: one time for Mask Passwords Plugin and another time for Maven.
            • One-click-build is not possible anymore, as there is one extra page shown where one can redefine default parameters.
            • The person, who can run a build, may steal the values of the password (from page HTML source).

            I wonder if better solution possible. Maybe changing the type of job from Maven2 to Free-style will work better?

          2. Unknown User (dma_k)

            I think I got the working solution. Indeed, Free-Style job worked well for me: variables are substituted without extra build parametrization. There is only one minor unimportant side effect: all variables are also passed to maven via -D. For example if the build option is:

            -Dgpg.passphrase=${PGP_PASSWORD} install gpg:sign

            actual command line becomes

            mvn -DPGP_PASSWORD=******** -B -Dgpg.passphrase=******** install gpg:sign
  5. Unknown User (prksh)


    I am trying to use this plugin (ver 2.5) with Hudson 1.398.  I get the following error in "hudson.err.log" every time I click on Manage Hudson > Configure System.

    Apr 20, 2011 2:42:36 PM com.michelin.cio.hudson.plugins.maskpasswords.MaskPasswordsConfig load

    WARNING: No configuration found for Mask Passwords plugin

    Also, I don't get the check boxes under "Mask Passwords Configuration" section

    Please let me know if this plug-in is compatible with both Hudson and Jenkins. 

    1. Unknown User (rseguy)


      The plugin is compatible with both Jenkins and Hudson (it is built for Hudson 1.375).
      I guess the issue you face is because of Hudson's new plugin mechanism which breaks compatibility with some plugins. Try to use the hudson.PluginStrategy=hudson.ClassicPluginStrategy parameter (cf. Hudson's mailing for more details).

      1. Unknown User (zlatan010)


        I have the same issue "Mask Passwords configuration section is not visible" but the plugin is running correctely.

        Where I can find "hudson.PluginStrategy=hudson.ClassicPluginStrategy parameter"

        1. Unknown User (rseguy)

          1. Unknown User (zlatan010)

            Thanks for your help,

            I start hudson like that : sudo /etc/init.d/hudson start, I don't know how to pass the parameter in the startup of hudson, can you help me please.

  6. Unknown User (ekeko)

    hi Romain,

    first, thanks for the useful plugin.

    second, my use case is more complicated, i have to run several jobs with the same password. of course I can add for each job the masked password but I would like to better have it centrally defined once.

    for me this would be  Manage -> Configure System -> Global properties

    there I would like to define the password, masked, and use it thorough all jobs.

    is this somehow possible?

    1. Unknown User (rseguy)

      This can be done. Please create an issue in JIRA.

      1. Unknown User (kevinchow)

        Hi Romain,

        I'd like to follow up on this feature request thread. Was it implemented in Version 2.7 (issue #11399)?

        If it is the case, do I set the variable name/value at Manage->Configure System->Global properties->Enviornment variables?

        At Configure System->Mask Passwords Configuration, which options should I select?

        "Password Parameter" only?



        1. Unknown User (rseguy)

          It's in 2.7 (2.7.1 actually, there was a bug in 2.7). Its' in Manage -> Configure System, after that I don't remember the section, but it's a dedicated one, maybe named "Mask Passwords - Global Passwords", or something similar.

          1. Unknown User (kevinchow)

            Hi Romain,

            It works. The field is "Mask Passwords - Global name/password pairs".



  7. Unknown User (jenkins911)

    Am using 2.7.1 version of the plugin. It does not mask password when the password contains certain special characters like " or ' . I doubt that it is also adding single quotes to start and end of password when it has special character like * or ( or )

    1. Unknown User (rseguy)

      I can't reproduce, it's masked on my side.

      1. Unknown User (jenkins911)

        Am using firefox 7.0.1 on Windows 7. If it was anything else, I can take a screen shot and send.... my password had alphanumeric and one quote .. e.g Jenkin"is3

        1. Unknown User (rseguy)

          Still can't reproduce...

  8. Unknown User (jenkins911)

    The password is masked only in the output console.When jenkins runs shell script which takes this password parameter as the command line parameter and if you do a ps on the system on which this process runs the password is not masked.

  9. Unknown User (fmerrow)

    I've been using this plugin with good effect for some time now, but was told to stop . . . the claim is that when I type the password into the web page and press save, the resulting get/post commands via unsecure http could be sniffed and would have the password in the clear . . . 

    Is this true, or is that allowed for in some way?


    1. Unknown User (rseguy)

      It's true, but it has nothing to see with the plugin, it has to see with Jenkins itself. If you want passwords to not appear as plain text in HTTP requests, then you need to switch to full HTTPS. Enabling or disabling the plugin will do nothing for that.

      1. Unknown User (fmerrow)

        Is that currently possible . . . some plugin I missed or some obscure check box I missed?

        I'd be happy to turn that on in a heartbeat if it is possible, but AFAIK it's not.


        1. Unknown User (rseguy)

          It's possible by properly configuring your application server so that everything goes through HTTPS. Personnaly I do it by using an Apache HTTP server in front of Tomcat.

  10. Unknown User (drayx)

    I might be doing something wrong, but I'm trying to use this plugin together with the mercurial plugin.  I set the password to MERCURIAL_PWD in the global settings, enabled the mask passwords option in the job, and set the mercurial plugin to clone from http://jenkins:${MERCURIAL_PWD}@hg.example.com/repo, and it seems to not be substituting the password for the variable.  Any ideas?  Thanks.

    1. Unknown User (rseguy)

      If I'm right, the mercurial plugin contributes an entry to the SCM part of jobs, which is actually not covered by build wrappers (mask-passwords is a build wrapper – build wrappers wrap only build steps). That's why the plugin has no effect. IMO, the mercurial plugin has to be modified to natively provide a way to externalize and secure the password.

      1. Unknown User (drayx)

        You are correct, the mercurial plugin is part of the SCM portion of the job.  I did not realize that the mask password extension only wrapped the build portion.  It actually woks fine for the masking part, it is just the variable expansion that doesn't work.  The only way I could get the variable like behavior was to add a password parameter with a default value of the correct password.  It is too bad that Jenkins doesn't have any way to add global variables.  Anyway, thanks for the response.

  11. Unknown User (alex01ves)

    The plugin is TOO VISIBLE (takes up too much interface space) both on the global config and on the job config screens.

    On the global config, the "Mask Passwords - Parameters to automatically mask" block is 11 (eleven!) lines that are arranged sparsely. On the job config, enabling the checkbox leads to a pretty large persistent ORANGE-colored block.

    Great plugin, but I'd like too see a bit less of it. :)

  12. Unknown User (rbrueske)

    Is there a way to allow dollar sign characters ($) in the password value? They do not work as expected.

    If I have a password of abcd$$ the following appears in the log "abcd$".

    If I have a password of $abcd$$" the following appears in the log "$"

    I've tried escaping the character with a backslash () and also tried repeating the character, to no avail.

    We can not expect people to not have $'s in their password as it is an allowed character.

  13. Unknown User (aartemov)

    Looks like a good plugin, but... I was really surprised today to find my passoword in a plain way on the Environment Variables page of a build. Now I can see that this plugin is senseless.

    1. Unknown User (stefanthurnherr)

      Alexander: Read this plugin's page, and have a look at the different "Mask passwords" option both at the global jenkins configuration page and at the job-specific configuration page.

      1. Unknown User (stefanthurnherr)

        If by "Environment Variables" page you mean the page appearing when clicking on the "Parameters" link of a job run, the masking works for me.

        1. Unknown User (aartemov)

          No, I meant exactly "Environment Variables" link. Anyway, thank you, I tried "Inject passwords to the build as environment variables" and now my passwords are encrypted in both in "Environment Variables" page and Pipeline View. Though, I don't understand why "Mask passwords (and enable global passwords)" is made in such way that it doesn't encrypt passwords.

          1. Unknown User (aartemov)

            No, I was wrong, in Pipeline View password is shown plainly, unencrypted. So, there's another challenge.

            1. Unknown User (rseguy)

              Had you fully read this page, you would have seen that (1) there's a version 2.7.3 of the plugin which has not been released yet but which fixes an issue with the EnvInject plugin and that (2) the JIRA issue for this bug even provides an HPI which contains the bugfix.

              Anyway, EnvInject is a good workaround for your use (also, you might want to know that the EnvInject password masking mechanism is fully based on the source code of the Mask Passwords plugin).

              1. Unknown User (aartemov)

                Sorry, didn't read information about releases and 2.7.3 (everything else read). It's a good news that it's fixed!

          2. Unknown User (lathanhtam)

            I'm running into the same issue. All of the "Mask Passwords - Global name/password pairs" configured in the Jenkins Configuration
            are shown in plain text in the Jenkins>job>build#>Environment Variables if I enable "Mask passwords (and enable globla passwords)" for that job. 

            Is there a way to fix this? Did I configured something incorrectly? Will the 2.7.3 version fix this issue? If this version will fix the issue when will it be released. 

  14. Unknown User (stefanthurnherr)

    Great plugin, Romain! Could you somewhere explain what the difference between "Password parameter" and "Non-stored password parameter" is? Cant find any documentation, the '?' help text for these two parameter types is very generic.

    1. Unknown User (rseguy)

      When you run a job, the parameters used as an input to this job are stored by Jenkins. So, if you use a "Password Parameter", the password will be kept along with the build. Whereas, if you use a "Non-stored password parameter", this password will not be kept. I recommend using the second choice.

  15. Unknown User (sventhegrinch)

    This looks like it's exactly what I need (already using it actually). My only question (not being a security expert) is how securely the passwords are stored within jenkins (or wherever). Who can access them, and how, and how much effort would that take? Sorry if this is a FAQ, I tried to look, but didn't see it.

  16. Unknown User (sventhegrinch)

    This looks like it's exactly what I need (already using it actually). My only question (not being a security expert) is how securely the passwords are stored within jenkins (or wherever). Who can access them, and how, and how much effort would that take? Sorry if this is a FAQ, I tried to look, but didn't see it.

    1. Unknown User (rseguy)

      The password are encrypted using Jenkins' encryption mechanism, which entry point is the Secret class (cf. http://javadoc.jenkins-ci.org/hudson/util/Secret.html). These two lines in the class description bring the answer you need:

      Glorified String that uses encryption in the persisted form, to avoid accidental exposure of a secret.
      This is not meant as a protection against code running in the same VM, nor against an attacker who has local file system access on Jenkins master.

  17. I've been using Mask Passwords for a while. It's a great plug-in!

    It worked fine for me with Ant and Gradle, however I just tried it with a job that is running via Execute Windows batch command and it did not seem to work.

    It's configured like this, using Mask Passwords' global pair variable:

    Command = featureTest.cmd userFoo ${AppPassword}

    The variable does not get expanded. I had to switch to parameterized build just to get around this.

    Any chance to add it to the to-do list?

    1. Unknown User (oleg_nenashev)

      I suppose you should use %AppPassword% ...

      1. That's what I ended up doing with parameterized build (AppUser and AppPassword are build parameters):

        Command = featureTest.cmd "%AppUser%" "%AppPassword%"

        It works, but parameterized builds have drawbacks:

        1. Extra click for all manual builds
        2. Can't share the same Mask Password variable between multiple jobs
        3. ?
        1. Unknown User (irnbruman)

          I tried creating a new project and creating a "Execute Windows Command" with paramaterized build, but I am not seeing the masking in the console log for "%PASS%". 

          what type of paramater did you use? string or something else?

          1. For the password I'm using "Password Parameter"

  18. Unknown User (irnbruman)

    I am running jenkins on windows and I have the promoted builds plugin installed

    As part of a manual promotion I am kicking off an "Execute Windows command" that executes a psexec command.

    I have defined a password parameter call PASS contains the password

    I am running something like PsExec.exe
    HOST -u localhost\administrator -p "%PASS%" c:\stop.bat

    The Password still shows up in the in console log for the promotion. 

    I have tried defining a password variable in the system configuration page, but that doesn't get substituted. 

    Any suggestions?

  19. Unknown User (ehjabber)

    Can't get plugin to work with psexec on windows...


    username and password used are correct and are defined to the plugin.

    servername  -u myusername -p $

    Unknown macro: {password1}

      cmd.exeLogon failure: unknown user name or bad password.
    Connecting to servername...

  20. Unknown User (sambu8)

    Hi ,

    I would  like to know if this plugin supports Maven3

  21. Unknown User (gdameron)

    Using version 2.7.2 on Linux. Serious security hole: Global passwords are masked in the console, but NOT masked if the job echo's it to a file, and the file is archived. You can see the clear-text password if you click the archive link under "Last Successful Artifacts".

    Is there a fix in the pipeline for this?

  22. Unknown User (bmoon)

    2.7.4-SNAPSHOT appears to resolve a security vulnerability with "sensitive flag to every MaskPassword build var"; however, i do not see a release version for 2.7.4.   Are there plans to release this?

  23. Unknown User (bartolaki)

    Something wrong is happening to my masked password after update to 2.7.4... When I pass them to job as global passwords and use like let's say $

    Unknown macro: {TDS_CI_PASS}

    in build, it's somehow not resolved correctly as I got authentication failures wherever it's used. When rolling back to 2.7.3 - everything works fine. I'm on Jenkins 1.623.

    Do you need any other info from me?

    Thanks for any comment, help :)

  24. Unknown User (nenad)


    Is it possible to have Job Configuration option "Mask passwords" set to true at the system level, and make it impossible to change for an individual job. Without this I easily create a job that has this option unset in its configuration and get to its value. I am having the system level options configured by only one user who would also hold the secrets used within the build, and other users that can run and configure the builds but are unable to learn/disclose the secrets...


  25. Unknown User (nenad)


    Is it possible to have Job Configuration option "Mask passwords" set to true at the system level, and make it impossible to change for an individual job. Without this I can easily create a job that has this option unset in its configuration and get to the value of a secret. I am having the system level options configured by only one user who would also hold the secrets used within the build, and other users that can run and configure the builds but are unable to learn/disclose the secrets...


  26. Unknown User (hyei)

    Would love the concept of this plugin to work in tandem with the Credentials plugin.

  27. Unknown User (harry)


    I've set a global Name/Password (TestPair1/Testpassw) pair and I want to use it in a project in Build section where I'm executing a Windows PowerShell command. 

    Inside this command I have something like this: $Password = $TestPair1, but, when executing it's saying that Password is null, like $TestPair1 value is null or something.

    My question is..how do I get that TestPair1 value?
    I've tried also $Password = $

    Unknown macro: {TestPair1}

    , $Password = "%TestPair1%", $Password = %TestPair1%, but nothing..

  28. Unknown User (qinjiajia)

    It's a wonderful plugin, but it seems when used it in Jenkins 2 with pipline job, it will show the password on the log, do you any any suggestion? thanks.

  29. Unknown User (nbl9999)

    Project fail immediately with Mask Password 2.10 enabled, doesn't even generate a log. Had to downgrade to 2.09.

    Apr 10, 2017 7:50:30 AM hudson.model.Run handleFatalBuildProblem
    SEVERE: #20 failed to build and we don't even have a listener
    at com.michelin.cio.hudson.plugins.maskpasswords.MaskPasswordsConfig.isMasked(MaskPasswordsConfig.java:343)
    at com.michelin.cio.hudson.plugins.maskpasswords.MaskPasswordsBuildWrapper.createLoggerDecorator(MaskPasswordsBuildWrapper.java:132)
    at jenkins.tasks.SimpleBuildWrapper.decorateLogger(SimpleBuildWrapper.java:191)
    at hudson.model.Run.createBuildListener(Run.java:1824)
    at hudson.model.Run.execute(Run.java:1719)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:97)
    at hudson.model.Executor.run(Executor.java:405)

    Apr 10, 2017 7:50:30 AM hudson.model.Run handleFatalBuildProblem
    SEVERE: #20 failed to build and we don't even have a listener
    at hudson.model.AbstractBuild$AbstractBuildExecution.reportError(AbstractBuild.java:749)
    at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:728)
    at hudson.model.Build$BuildExecution.post2(Build.java:186)
    at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:665)
    at hudson.model.Run.execute(Run.java:1760)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:97)
    at hudson.model.Executor.run(Executor.java:405)

    1. Unknown User (oleg_nenashev)

      Please use Jenkins JIRA to report issues. Fixing it anyway

      1. Unknown User (core2dark)

        In case you need any repro steps, you just need to have an existing config when you start Jenkins. I think it is nulling out the password caches when it loads it.

      2. Unknown User (nbl9999)

        JENKINS-43504 - Getting issue details... STATUS

        1. Unknown User (oleg_nenashev)

          Thanks! Released the fix in 2.10.1. Sorry for the delay, there was some other issue in the test framework.

  30. Unknown User (lilithian)


    Great plugin. I know this plugin is for static passwords, but o you have any suggestions for managing dynamic ones?

    A password with a concatenation of $String1 $String2?


    Best regards,


    1. Unknown User (oleg_nenashev)

      My suggestion is to avoid such passwords, because they are not really passwords.

      If you want to do it, you can create a plugin with your own Credentials Type in Credentials Plugin

    2. Unknown User (nickmellor)

      I'm also interested in this, and Oleg I beg to differ.

      My reason for using "programmatic" passwords as suggested by Baubak is that I am not using Jenkins credentials to store secure passwords. Instead I'm retrieving passwords from another application or service, and then using those passwords in Jenkins pipelines.

      In that case they are most certainly passwords.

  31. Unknown User (orgifford)

    Very nice plugin! Is it possible to update a variable and associated password either via an API call or curl? My apologies if this is documented some where. I have been looking and not able to find an automated solution.

    Thank you for your response in advance,


  32. Unknown User (shawnparslow)

    I am looking for some help with this plugin - I am hoping to use it to prevent secrets (mostly GUID's) from being written out to the console/logs.  We only use pipeline jobs in the form of Jenkinsfiles.  I added the plugin and tried to just use some global regex exclusions to block the GUIDs from outputting but it doesn't seem like its doing anything.  The scenario I am trying to prevent is typeing/catting (type myfile.json / cat myfile.json depending on OS) in a build and not having it output the GUID's written in the file.  Is this an incorrect usage for the regex option in this plugin or is there something else that needs to be done to use it in a pipeline-only job architecture.  I have read the documentation above but I might be getting lost in the legacy/changes as we have only ever used Jenkinsfile based pipelines.

    1. Unknown User (duemir)

      According to release notes, 2.12.0 lay down some groundwork for Pipeline support but there's no full support as of the time of writing.

  33. Unknown User (lforooha)

    I have 2.10.1 version of this plugin and it works great except when i create the jenkins job (1.6.44 version of jenkins) and enter my

    password which is encrypted in the parameters field and can not be seen either in the jenkins job output console or the parameters list ..and if

    another user login to the jenkins server and rebuild the same job (we have rebuilder plugin installed too) .. then chrome will

    prompt the user to save the jenkins job password and he can see my password under chrome.. The jenkins console output does not

    show the password but chrome is saving it.. is this a known problem? 




    1. Unknown User (lforooha)

      just update... i switch from using "non store password" to "password parameter"  in the jenkins job and 

      now the password is hashed and it is not visible in chrome password manager.. i am not sure whose 

      bug is this at this point. 

  34. Unknown User (olivier_lambert)


    Is it possible to improve the plugin to be configurable with the configuration-as-code plugin ?

    Do I have to create a Jira issue for this ?


    1. Unknown User (duemir)

      If you've got a plugin, that we do not have an example for, you can consult the reference help document by pressing the Documentation link on the Configuration as Code management link page.

      Did you check as above snippet from JCasC documentation suggest? The JCasC is built on top of the existing metadata that is attached to the Extensions contributed by the plugins so it might be possible already, although not with the best syntax

      Feature request in JIRA is definitely the right approach to request an improvement. However, the plugin is up for adoption so it is unlikely that somebody will work on it any time soon.

      1. Unknown User (oleg_nenashev)

        1. Unknown User (olivier_lambert)

          Thx for your response.

          Unknown User (duemir) yes i check the Documentation generated by the plugin. There is currently no configuration item available for the mask password plugin.

          I created the Jira issue yesterday. But if there isn't any dev on the project, it will not be upgraded (sad)

          1. Unknown User (oleg_nenashev)

            Jenkins project is a community-driven one. If there is no active maintainer, you can always take over the project OR to propose a pull request and request reviews by the community. That's how it happens.

  35. Unknown User (inarayana20th)

    Do we have automated/script for masked password value as we have 130 jobs which needs to update password filed. It would be great if we have automated script or API calls.