在我的 Jenkins 脚本中,我使用 Mask Password 插件,它可以处理相当短的值,例如“密码”或/和“pass”等:
...
def runRegressionTests(token) {
stage("regression tests") {
withCredentials([string(credentialsId: "my-encrypt-key", variable: 'encryptKey')]) {
maskPasswords(varPasswordPairs: [[password: "${token}"]]) {
sh "./gradlew regressionTestsNoFeedback " +
"-PencryptKey=${encryptKey} " +
"-Ptoken=${token} " +
"--continue"
}
}
}
}
...
和
...
def runRegressionTests(token) {
stage("regression tests") {
withCredentials([string(credentialsId: "my-encrypt-key", variable: 'encryptKey')]) {
wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: "${token}"]]]) {
sh "./gradlew regressionTestsNoFeedback " +
"-PencryptKey=${encryptKey} " +
"-Ptoken=${token} " +
"--continue"
}
}
}
}
...
但是,当我提供 JWT 值时,它会在控制台和 UI 输出中显示
如何遮盖:
看来 varMaskRegexes 可用于通过适当的正则表达式来掩盖所需的值,在我的情况下是
...
maskPasswords(varMaskRegexes: [[key: "${token}", value: "eyJ[A-Za-z0-9-_=]+\\.[A-Za-z0-9-_=]+\\.?[A-Za-z0-9-_.+/=]*"]]) {
...
}