1. Home
  2. Categories
  3. Support
  4. Prompting for username and password

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Prompting for username and password

  • ?

    We have a requirement during some of our deployments where we need to prompt whoever is executing the deployment for a username and password so we can use it for some other operations.

    This is what I have set up so far:

    1. Created a custom extension with a new "Password" variable type. I'm using a custom IVariableSetter that is a text box with TextMode set to TextBoxMode.Password
    2. Added required execution-level variables so the user has to enter the username and password before promoting

    So far, this almost works. Everything is fine, except that the password is printed in plain text in the "Custom Variables: " line of the debug log. These variables are likely to contain domain credentials, so we cannot have them included in the log at all.

    Is there a way to keep my custom variable type from being printed in the log? I tried playing around with the implementation of the IVariableSetter, but it looks like the VariableValue property is used both during execution and for writing to the log. If this isn't possible, is there another way to accomplish what we're trying to do? I thought it might be possible with a custom action, but I'm not sure how to prompt for user input during action execution.

    Product: BuildMaster
    Version: 4.1.3

    0
  • ?

    Given the requirement, I think you found the right solution.

    Unfortunately, there is no way to hide a variable from being printed in the log; we didn't envision these being used for sensitive information like passwords at first, but it's seeming this is fairly common, so we're going to add a "Sensitive Indicator" to variables soon (targeted for 4.2).

    In the mean time, you may want to consider this solution. There is a database table called BuildExecution_PlanActionVariableValues that associates variable name/values with executed actions. This View Log page simply queries this table (along with the BuildExecution_PlanActionLogEntries table, etc) to display the logs and variables used.

    So, you could do a query like:

     DELETE [BuildExecution_PlanActionVariableValues]
  WHERE [Variable_Name] = @Variable_Name
    AND [BuildExecution_Plan_Id] IN (SELECT [BuildExecution_Plan_Id]
                                       FROM [BuildExecution_PlanActions]
                                      WHERE [Execution_Id] = @Execution_Id

    This query could be run after the execution is run (via a trigger), or as part of the last action. From an implementation standpoint, I would recommend making a sproc for this operation and placing it in a different database (BuildMasterMods, perhaps) to segregate it more such that someone moving/migrating BuildMaster in the future will very quickly see this modification.

    0
  • ?

    Alana, thanks for the suggestion. I will look at adding this, but do you have any ideas how I can get the execution id for the current execution? There don't seem to be any variables for it. I thought of trying to get it from the BuildMaster API using an HTTP GET request, but I don't see a way to store that to a variable.

    0
buildmaster 1056 security 52 sdk 13
Log in to reply
 
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation