在后台执行脚本时,如何隐藏某些参数或***它们。
产生我想要隐藏的输出的命令是:
sh "./wsagent_execute.sh -s -apiKey ${WHITESOURCE_API_KEY} -projectToken ${WHITESOURCE_PROJECT_TOKEN} -C ${configPath} -d ${directoryPath} -logLevel info"
我想要隐藏的参数是-apiKey和-projectToken。我该怎么做?
如果您从保险库获取凭据,则可以使用掩码密码插件。它没有声明支持管道,但实际上支持。
pipeline {
agent any
stages {
stage('doing something') {
steps {
script {
def current_nano = "1616407597607795668"
sh label: "Now you see it", script: "echo ${current_nano}"
maskPasswords(varPasswordPairs: [[password: current_nano, var: 'IGNORE']]) {
sh label: "Now you don't", script: "echo ${current_nano}"
}
}
}
}
}
}
输出:
[Pipeline] Start of Pipeline
[Pipeline] node
Running on Jenkins in /var/jenkins_home/workspace/
[Pipeline] {
[Pipeline] stage
[Pipeline] { (doing something)
[Pipeline] script
[Pipeline] {
[Pipeline] sh (Now you see it)
+ echo 1616407597607795668
1616407597607795668
[Pipeline] maskPasswords
[Pipeline] {
[Pipeline] sh (Now you don't)
+ echo ********
********
[Pipeline] }
[Pipeline] // maskPasswords
[Pipeline] }
[Pipeline] // script
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS
这些键是在管道中计算的还是静态的?您可以尝试像Jenkins中的凭据一样使用它,但在日志中看不到它们的值。
如果您在Jenkins凭据中使用机密定义,Jenkins将自动为您屏蔽该凭据,并在日志中显示为***
假设您已经在jenkins凭证中定义了您的apiKey,Id为:apiKey。然后你可以在你的管道上使用它,就像下面的例子一样。
更多细节可以在这里找到
node() {
withCredentials([string(credentialsId: 'apikey', variable: 'TOKEN')]) {
sh "./wsagent_execute.sh -s -apiKey $TOKEN -projectToken ${WHITESOURCE_PROJECT_TOKEN} -C ${configPath} -d ${directoryPath} -logLevel info"
}
}
如果你对此不满意,请使用掩码密码或类似的插件