Issue

I have some Jenkins runtime options with sensitive data like httpsKeyStorePassword and I want to avoid their exposure in the system process, for example, using ps -ef | grep java.

Environment

CloudBees CI (CloudBees Core)
CloudBees CI (CloudBees Core) on modern cloud platforms - Managed Master
CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
CloudBees CI (CloudBees Core) on traditional platforms - Client Master
CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
CloudBees Jenkins Platform - Client Master
CloudBees Jenkins Platform - Operations Center
CloudBees Jenkins Distribution
Jenkins LTS

Resolution

It’s possible to add the --config flag as a Jenkins option when launching the client and indicate a file where you can set the Jenkins options you need.

For example:

YOUR CONFIGURATION LIKE JENKINS_JAVA_OPTIONS=[...] ... --config=PATH_TO_YOUR_FILE_WHERE_FLAGS_ARE_SET

An example of the content of PATH_TO_YOUR_FILE_WHERE_FLAGS_ARE_SET:

httpsPort=SOME_PORT
httpsKeyStore=CERTIFICATE_PATH
httpsKeyStorePassword=SOME_PASSWORD

References

How to add Jenkins command line options to CloudBees CI (CloudBees Core)?

Avoid exposure of sensitive data in the Jenkins runtime options.

Issue

Environment

Resolution

References

0 Comments