-
Suggestion
-
Resolution: Fixed
In Bamboo, when using the Atlassian Bamboo SCP Plugin as a Task in a build, I enter the hostname, username, password, etc. for the remote SCP connection. It works fine, however, reviewing the Bamboo database schema, it seems these configuration details are stored in the database table/field : BUILD_DEFINITION.XML_DEFINITION_DATA. For the matching records for my build, I noticed the XML stores the following text :
<taskDefinition>
<id>3</id>
<userDescription>Copy My WAR File To Remote Server </userDescription>
<pluginKey>com.atlassian.bamboo.plugins.bamboo-scp-plugin:test</pluginKey>
<finalising>false</finalising>
<rootDirectoryType>INHERITED</rootDirectoryType>
<repositoryDefiningWorkingDir>-1</repositoryDefiningWorkingDir>
<config>
<item>
<key>password</key>
<value>FAKE-PASSWORD</value>
</item>
.... the rest removed for brevity.....
In this definition, the actual value of the password (in this example FAKE-PASSWORD) is actually visible in PLAINTEXT.
Can this should be modified to store an encrypted or hashed value?
Perhaps you can follow the same model as storing VCS repository credentials already used by Bamboo. For my VCS repo definition, which I located in the database at the following table/field : VCS_LOCATION.XML_DEFINITION_DATA the value for my VCS repo as an XML snippet with the password value encoded or encrypted in some manner. Perhaps this same mechanism can be used to encrypted the SCP remote host password?