snippetCritical
How to decrypt Jenkins passwords from credentials.xml?
Viewed 0 times
jenkinspasswordsxmlcredentialsdecrypthowfrom
Problem
I've taken over the project where a lot of Jenkins credentials has passwords or passphrase strings which I need to know in order to progress with the project, unfortunately these weren't documented anywhere.
I've checked the
Note: I've changed it slightly for privacy reasons.
How can I decrypt its original password based on the string above?
I've checked the
credentials.xml file where these credentials are stored, but they're in not plain text, e.g.:{AAAAAAAAAAAANzxft/rDzyt8mhxpn3O72dxvVqZksL5vBJ4jNKvAjAA=}Note: I've changed it slightly for privacy reasons.
How can I decrypt its original password based on the string above?
Solution
Luckily there is a
-
Run the following command:
or:
where
To do opposite, run:
Source: gist at
Alternatively check the following scripts:
For more details, check: Credentials storage in Jenkins.
hudson.util.Secret.decrypt() function which can be used for this, so:- In Jenkins, go to:
/scriptpage.
-
Run the following command:
println(hudson.util.Secret.decrypt("{XXX=}"))or:
println(hudson.util.Secret.fromString("{XXX=}").getPlainText())where
{XXX=} is your encrypted password. This will print the plain password.To do opposite, run:
println(hudson.util.Secret.fromString("some_text").getEncryptedValue())Source: gist at
tuxfight3r/jenkins-decrypt.groovy.Alternatively check the following scripts:
tweksteen/jenkins-decrypt,menski/jenkins-decrypt.py.For more details, check: Credentials storage in Jenkins.
Code Snippets
println(hudson.util.Secret.decrypt("{XXX=}"))println(hudson.util.Secret.fromString("{XXX=}").getPlainText())println(hudson.util.Secret.fromString("some_text").getEncryptedValue())Context
StackExchange DevOps Q#2191, answer score: 122
Revisions (0)
No revisions yet.