Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-14080

PASSWORD environment variables passed to build scripts are not masked

    XMLWordPrintable

Details

    Description

      I've got a Maven3 builder, and I'm passing in environment variables based on Bamboo global variables.

      For example, I pass in this value:

      AWS_ACCESS_KEY=${bamboo.AWS_ACCESS_KEY_PASSWORD}

      The value is then visible in the logs, unmasked. E.g, the logs contain a line like this:

      /opt/maven-3.0/bin/mvn -Djava.io.tmpdir=/tmp/MYPROJECT-JOB1 clean verify enforcer:enforce --batch-mode
 ... in: /mnt/bamboo-ebs/bamboo-agent/build-dir/MYPROJECT-JOB1
  ... using extra environment variables: 
  MAVEN2_HOME=/opt/maven-3.0
  JAVA_HOME=/opt/jdk-7
  useMavenReturnCode=false
  AWS_ACCESS_KEY=AKIA<rest deleted by me;should be masked>
  bamboo_AWS_SECRET_KEY_PASSWORD=********
  M2_HOME=/opt/maven-3.0
  bamboo_AWS_ACCESS_KEY_PASSWORD=********
  bamboo_recipe_name=iespersist_service
  AWS_SECRET_KEY=MTFt<rest deleted by me;should be masked>
  PATH=<truncated>

      The "bamboo_" prefixed variables are masked, but I don't want to use the bamboo prefix in my build scripts and test code (Yeah, I'm fussy that way). The variables I've manually added are not masked.

      Attachments

        Issue Links

          duplicates

          Suggestion - BAM-14475 Password variables must be masked in the build log

          • Closed
          was cloned as

          BDEV-4285 Loading...

          Activity

            People

              Unassigned Unassigned
              ae68c5fad4e9 Robert Watkins
              Votes:
              4 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: