How to scrub passwords from build info

David Xu
2019-05-21 01:49

Summary

Remove sensitive information from build information proactively

Details

 

In secure environments it is imperative that passwords and other sensitive information is exposed as little as possible.

Sometimes users may (inadvertently) pass such information in the build info JSON.

 

 

Resolution

 

Here is a solution for Artifactory Admins to use a modified beforeBuildSave plugin:

https://github.com/jfrog/artifactory-user-plugins/tree/master/build/beforeBuildSave

 

Use the method below to replace password and other sensitive properties.

 

buildRun.build.properties.setProperty("buildInfo.env.REPO_PASSWORD", "")