Cloud CI - Hide token from the Jenkins logs

Problem Description

You have SSO enabled for the Talend Cloud Management Console (TMC), then with CI, you need to use the user token to publish the artifacts to TMC. To pass the user token for the authentication you pass "-Dcloud.token=<user_token>" as a Maven parameter. However when you are using a Pipeline Jenkins project you do not want the token visible in the Groovy script or in the Jenkins execution logs.

 

For reference, the sample Groovy script, cloud_token_pipline.txt, is attached to this article.

 

Solution

To hide the token from the plain sight, perform the following steps:

  1. Install the Credential Binding plugin in Jenkins. You may have to do a restart of Jenkins to install this.

  2. Create a Secret text type credential in Jenkins to store cloud token.

  3. Modify the pipeline script, based on the Jenkins, Credentials Binding Plugin documentation, to read the secret text credential that you created in Step 2, and store the same in an environment variable.
  4. Use the Maven "-Dcloud.token" option and the environment variable in which you stored the cloud token.

  5. Run the pipeline and verify that the token value is shown in the logs.

Version history
Revision #:
3 of 3
Last update:
‎11-07-2019 11:06 AM
Updated by:
 
Contributors