How to decrypt Jenkins password?



  • In my secrets folder I have these files

    -rw-r--r--  1 root root  272 Oct  2 11:07 hudson.console.AnnotatedLargeText.consoleAnnotator
    -rw-r--r--  1 root root   48 Sep 23 11:40 hudson.console.ConsoleNote.MAC
    -rw-r--r--  1 root root   32 Sep 23 11:42 hudson.model.Job.serverCookie
    -rw-r--r--  1 root root  272 Sep 23 11:39 hudson.util.Secret
    -rw-r--r--  1 root root   32 Sep 23 11:16 jenkins.model.Jenkins.crumbSalt
    -rw-r--r--  1 root root  256 Sep 23 11:16 master.key
    -rw-r--r--  1 root root  272 Sep 23 11:16 org.jenkinsci.main.modules.instance_identity.InstanceIdentity.KEY
    -rw-r--r--  1 root root  272 Sep 23 11:49 org.jenkinsci.plugins.workflow.log.ConsoleAnnotators.consoleAnnotator
    -rw-r--r--  1 root root   48 Sep 23 11:39 org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.mac
    

    In my case hudson.utils.secrets is binary

    od -h hudson.util.Secret 
    0000000 5f25 eee1 0763 1b49 c074 ee22 af85 4e10
    0000020 00cf dd32 b568 fae3 257a 8d6e 1e56 d995
    

    I installed groovy,I looked at https://devops.stackexchange.com/questions/2191/how-to-decrypt-jenkins-passwords-from-credentials-xml What should I do?



  • Jenkins uses string interpolation to take password as input and it uses AES to encrypt and protect secrets, credentials, and their respective encryption keys.

    So, using direct or simple approach will not work. Although you can try to assign the password to a string variable and the print it in log it works in most the cases until the password itself is saved after encrypting.


Log in to reply
 


Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2