Avoid exposure of sensitive data in the Jenkins runtime options.

Article ID:4855915691547
1 minute readKnowledge base

Issue

I have some Jenkins runtime options with sensitive data like httpsKeyStorePassword and I want to avoid their exposure in the system process, for example, using ps -ef | grep java.

Resolution

It’s possible to add the --config flag as a Jenkins option when launching the client and indicate a file where you can set the Jenkins options you need.

For example:

YOUR CONFIGURATION LIKE JENKINS_JAVA_OPTIONS=[...] ... --config=PATH_TO_YOUR_FILE_WHERE_FLAGS_ARE_SET

An example of the content of PATH_TO_YOUR_FILE_WHERE_FLAGS_ARE_SET:

httpsPort=SOME_PORT
httpsKeyStore=CERTIFICATE_PATH
httpsKeyStorePassword=SOME_PASSWORD