Uploaded image for project: 'Bamboo'
  1. Bamboo
  2. BAM-10491

Modify the Atlassian Bamboo SCP Plugin to Store SCP password as hashed or encrypted

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.3.2
    • Fix Version/s: 4.3
    • Component/s: SCP and SSH tasks
    • Labels:
    • Last commented by user?:
      true
    • Comments:
      3

      Description

      In Bamboo, when using the Atlassian Bamboo SCP Plugin as a Task in a build, I enter the hostname, username, password, etc. for the remote SCP connection. It works fine, however, reviewing the Bamboo database schema, it seems these configuration details are stored in the database table/field : BUILD_DEFINITION.XML_DEFINITION_DATA. For the matching records for my build, I noticed the XML stores the following text :

      <taskDefinition>
      <id>3</id>
      <userDescription>Copy My WAR File To Remote Server </userDescription>
      <pluginKey>com.atlassian.bamboo.plugins.bamboo-scp-plugin:test</pluginKey>
      <finalising>false</finalising>
      <rootDirectoryType>INHERITED</rootDirectoryType>
      <repositoryDefiningWorkingDir>-1</repositoryDefiningWorkingDir>
      <config>
      <item>
      <key>password</key>
      <value>FAKE-PASSWORD</value>
      </item>
      .... the rest removed for brevity.....

      In this definition, the actual value of the password (in this example FAKE-PASSWORD) is actually visible in PLAINTEXT.

      Can this should be modified to store an encrypted or hashed value?

      Perhaps you can follow the same model as storing VCS repository credentials already used by Bamboo. For my VCS repo definition, which I located in the database at the following table/field : VCS_LOCATION.XML_DEFINITION_DATA the value for my VCS repo as an XML snippet with the password value encoded or encrypted in some manner. Perhaps this same mechanism can be used to encrypted the SCP remote host password?

        Attachments

          Issue Links

            Activity

            Hide
            jdumay James Dumay [Atlassian] added a comment - - edited

            Hi Adam,
            Thanks for reporting this issue. We currently don't support the SCP plugin officially yet. However, since it is open source, you can fork it on Bitbucket and contribute a fix for it if you are interested in working on it yourself (It might be a little while until I get to this issue).

            The repository types in Bamboo use the StringEncrypter class from the Bamboo SDK to "encrypt" the passwords in the config. Its worth noting that the StringEncrypter is poorly named and doesn't really encrypt anything, it just obfuscates.

            Thanks
            James

            Show
            jdumay James Dumay [Atlassian] added a comment - - edited Hi Adam, Thanks for reporting this issue. We currently don't support the SCP plugin officially yet. However, since it is open source, you can fork it on Bitbucket and contribute a fix for it if you are interested in working on it yourself (It might be a little while until I get to this issue). The repository types in Bamboo use the StringEncrypter class from the Bamboo SDK to "encrypt" the passwords in the config. Its worth noting that the StringEncrypter is poorly named and doesn't really encrypt anything, it just obfuscates. Thanks James
            Hide
            pstefaniak Piotr Stefan Stefaniak [Atlassian] added a comment -
            Show
            pstefaniak Piotr Stefan Stefaniak [Atlassian] added a comment - Just in case you would undertake the task of forking the SCP plugin and hacking your way out, you can peek at Bamboo Git Plugin sources, which do the password encryption obfuscation: https://github.com/atlassian/bamboo-git-plugin/blob/master/src/main/java/com/atlassian/bamboo/plugins/git/GitRepository.java#L125 https://github.com/atlassian/bamboo-git-plugin/blob/master/src/main/java/com/atlassian/bamboo/plugins/git/GitRepository.java#L384 https://github.com/atlassian/bamboo-git-plugin/blob/master/src/main/java/com/atlassian/bamboo/plugins/git/GitRepository.java#L585 You could more-less copy paste the code from there... cheers, PS
            Hide
            jdumay James Dumay [Atlassian] added a comment -

            Plugin is supported officially by Atlassian and bundled in Bamboo 4.3.

            Show
            jdumay James Dumay [Atlassian] added a comment - Plugin is supported officially by Atlassian and bundled in Bamboo 4.3.

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Last commented:
                  3 years, 18 weeks, 4 days ago