Inedo Community Forums Forums
    • Recent
    • Tags
    • Popular
    • Login

    Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

    If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

    Hide passwords in environment variables

    Scheduled Pinned Locked Moved Support
    buildmasteractionssecurity
    4 Posts 1 Posters 5 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ? This user is from outside of this forum
      Guest
      last edited by

      We need to pass a password to a unix shell script when executing the "Execute Command" action but we do not want the password printed in the BuildMaster log file for security reasons.

      How can we do this ?

      1 Reply Last reply Reply Quote 0
      • ? This user is from outside of this forum
        Guest
        last edited by

        This would involve creating a custom action that masks the password to the logger.

        Alternatively, there is the Builds_ViewDebugLogs (ID=76) security task that could be denied, but this would block all debug logs in the scope. Usually, that's ok though.

        1 Reply Last reply Reply Quote 0
        • ? This user is from outside of this forum
          Guest
          last edited by

          Normally we need to see all the logging info for audit purposes, so disabling logging would not be acceptable for us.

          How do we create a custom action ? I could not see an action called "Custom Action"

          1 Reply Last reply Reply Quote 0
          • ? This user is from outside of this forum
            Guest
            last edited by

            The logging isn't disabled; build execution log entries with a debug level are simply not displayed to users who don't have that privilege.

            By default the "View Only" role does not include the ability to view execution log entries.

            We have a few tutorials for making a custom action here: http://inedo.com/support/tutorials

            Alternatively you could store the password on the machine as an environment variable, and have the shell script retrieve it that way.

            1 Reply Last reply Reply Quote 0

            Hello! It looks like you're interested in this conversation, but you don't have an account yet.

            Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

            With your input, this post could be even better 💗

            Register Login
            • 1 / 1
            • First post
              Last post
            Inedo Website Home • Support Home • Code of Conduct • Forums Guide • Documentation