Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Bamboo Specs and masked variables

In Bamboo plans we are able to mask plan variables with "password" phrase in variable name. So nobody will be able to see the content.

We are planning to move to Bamboo Specs and therefor plan variables will be define in specs ( Java API ). How can we avoid exposing passwords in specs. 

I was hoping to enter passwords later on using UI but plans created by spec are not editable with UI.

 

3 answers

2 accepted

4 votes
Answer accepted
Foong Atlassian Team May 17, 2018

Use the following steps to get encrypted password

  1. Create a dummy plan in Bamboo manually through UI
  2. Add the password into the Plan Variable
  3. In the Plan Configuration view, click on Actions > View plan as Java Specs
  4. Look for the password variable - it will be shown in encrypted format
2 votes
Answer accepted

You can use encrypted form of variable value. Try to create plan with "secret" variable and export it to Java Specs, "secret" variable will be encrypted. You can use this value in Specs code and store it at repository. If you want to avoid storing of variable in encrypted form at code, use Global variable 

Hi, @Alexey Chystoprudov@Foong

Great answer for masked variables.  However, I tried this solution for task type 'Artifactory Generic Deploy', it does not work. It seems that for this task type, it takes readable password string instead of encrypted form in 'Deployer Password' field.

As we are checking java spec code into source control, it is highly recommended that the readable password should NOT be part of code. So, do we have a way to let this task type take encrypted password? or, alternatively, is there a way to call any existing functions ( like what env var decrpytion does) to decrypt the password at run time? Or maybe there's other better way to handle this case?

 

'Artifactory Generic Deploy' Task view through bamboo portal UI

artDeployTaskDeployerPasswordUI.png

Code snippet corresponding to field 'Deployer password'

 new Stage("Approval and Trigger file upload")
.manual(true)
.jobs(new Job("Approval And TF Artifactory Upload",
new BambooKey("*****")) //masked info
.tasks(new VcsCheckoutTask()
.description("Capture script from BB")
.checkoutItems(new CheckoutItem().defaultRepository()),
new ScriptTask()
.description("Approval Notification")
.interpreter(ScriptTaskProperties.Interpreter.BINSH_OR_CMDEXE)
.location(ScriptTaskProperties.Location.FILE)
.fileFromPath("approvalMessage.sh")
.workingSubdirectory("jiraTFAutoGen"))
.finalTasks(new AnyTask(new AtlassianModule("org.jfrog.bamboo.bamboo-artifactory-plugin:artifactoryGenericTask"))
.description("deliver trigger file to qa artifactory")
.configuration(new MapBuilder()
.put("artifactory.generic.publishBuildInfo", "true")
.put("bintrayConfiguration", "")
.put("bintray.licenses", "")
.put("bintray.repository", "")
.put("artifactory.generic.username", "******") //masked info
.put("artifactory.generic.specSourceChoice", "jobConfiguration")
.put("artifactory.generic.resolveRepo", "")
.put("artifactory.generic.deployPattern", "")
.put("artifactory.generic.envVarsExcludePatterns", "*password*,*secret*,*security*,*key*")
.put("bintray.signMethod", "false")
.put("builder.artifactoryGenericBuilder.artifactoryServerId", "0")
.put("bintray.subject", "")
.put("artifactory.generic.file", "")
.put("artifactory.generic.useSpecsChoice", "specs")
.put("bintray.packageName", "")
.put("artifactory.generic.includeEnvVars", "")
.put("artifactory.generic.artifactSpecs", "")
.put("artifactory.generic.password", "*************") //<------This is where the password is, it takes un-encrypted, plain text form
.put("bintray.mavenSync", "")
.put("artifactory.generic.jobConfiguration", "{****************}") //masked info
.put("baseUrl", "https://bamboo.********") //masked info
.put("artifactory.generic.envVarsIncludePatterns", "")
.put("artifactory.generic.resolvePattern", "")
.put("bintray.vcsUrl", "")
.put("builder.artifactoryGenericBuilder.deployableRepo", "AADEFrontEnd-ReleaseCandidates")
.put("bintray.gpgPassphrase", "/* SENSITIVE INFORMATION */")
.build()))

 

Thanks in advance for any help to be provided.

It's responsibility of plugin developer to store data in encrypted form in DB and decrypt it in runtime. Contact plugin vendor to fix this issue: https://www.jfrog.com/jira/projects/BAP/issues

Thanks for the direction Alex.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bamboo

Bamboo 101 Video

G’day Community! As we gear up to introduce Bamboo Data Center to the world, we wanted to make sure that we shared a bit more about Bamboo, the product. Our team has put together an overview video ...

244 views 4 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you