Bamboo
  1. Bamboo
  2. BAM-10491

Modify the Atlassian Bamboo SCP Plugin to Store SCP password as hashed or encrypted

    Details

    • Type: Improvement Improvement
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 3.3.2
    • Fix Version/s: 4.3
    • Component/s: SCP and SSH tasks
    • Labels:
    • Last commented by user?:
      false
    • Comments:
      3

      Description

      In Bamboo, when using the Atlassian Bamboo SCP Plugin as a Task in a build, I enter the hostname, username, password, etc. for the remote SCP connection. It works fine, however, reviewing the Bamboo database schema, it seems these configuration details are stored in the database table/field : BUILD_DEFINITION.XML_DEFINITION_DATA. For the matching records for my build, I noticed the XML stores the following text :

      <taskDefinition>
      <id>3</id>
      <userDescription>Copy My WAR File To Remote Server </userDescription>
      <pluginKey>com.atlassian.bamboo.plugins.bamboo-scp-plugin:test</pluginKey>
      <finalising>false</finalising>
      <rootDirectoryType>INHERITED</rootDirectoryType>
      <repositoryDefiningWorkingDir>-1</repositoryDefiningWorkingDir>
      <config>
      <item>
      <key>password</key>
      <value>FAKE-PASSWORD</value>
      </item>
      .... the rest removed for brevity.....

      In this definition, the actual value of the password (in this example FAKE-PASSWORD) is actually visible in PLAINTEXT.

      Can this should be modified to store an encrypted or hashed value?

      Perhaps you can follow the same model as storing VCS repository credentials already used by Bamboo. For my VCS repo definition, which I located in the database at the following table/field : VCS_LOCATION.XML_DEFINITION_DATA the value for my VCS repo as an XML snippet with the password value encoded or encrypted in some manner. Perhaps this same mechanism can be used to encrypted the SCP remote host password?

        Issue Links

          Activity

          Hide
          James Dumay [Atlassian] added a comment - - edited

          Hi Adam,
          Thanks for reporting this issue. We currently don't support the SCP plugin officially yet. However, since it is open source, you can fork it on Bitbucket and contribute a fix for it if you are interested in working on it yourself (It might be a little while until I get to this issue).

          The repository types in Bamboo use the StringEncrypter class from the Bamboo SDK to "encrypt" the passwords in the config. Its worth noting that the StringEncrypter is poorly named and doesn't really encrypt anything, it just obfuscates.

          Thanks
          James

          Show
          James Dumay [Atlassian] added a comment - - edited Hi Adam, Thanks for reporting this issue. We currently don't support the SCP plugin officially yet. However, since it is open source, you can fork it on Bitbucket and contribute a fix for it if you are interested in working on it yourself (It might be a little while until I get to this issue). The repository types in Bamboo use the StringEncrypter class from the Bamboo SDK to "encrypt" the passwords in the config. Its worth noting that the StringEncrypter is poorly named and doesn't really encrypt anything, it just obfuscates. Thanks James
          Hide
          Piotr Stefan Stefaniak [Atlassian] added a comment -
          Show
          Piotr Stefan Stefaniak [Atlassian] added a comment - Just in case you would undertake the task of forking the SCP plugin and hacking your way out, you can peek at Bamboo Git Plugin sources, which do the password encryption obfuscation: https://github.com/atlassian/bamboo-git-plugin/blob/master/src/main/java/com/atlassian/bamboo/plugins/git/GitRepository.java#L125 https://github.com/atlassian/bamboo-git-plugin/blob/master/src/main/java/com/atlassian/bamboo/plugins/git/GitRepository.java#L384 https://github.com/atlassian/bamboo-git-plugin/blob/master/src/main/java/com/atlassian/bamboo/plugins/git/GitRepository.java#L585 You could more-less copy paste the code from there... cheers, PS
          Hide
          James Dumay [Atlassian] added a comment -

          Plugin is supported officially by Atlassian and bundled in Bamboo 4.3.

          Show
          James Dumay [Atlassian] added a comment - Plugin is supported officially by Atlassian and bundled in Bamboo 4.3.

            People

            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Last commented:
                1 year, 28 weeks, 3 days ago