Avoid exposure of sensitive data in the Jenkins runtime options.

Issue

I have some Jenkins runtime options with sensitive data like httpsKeyStorePassword and I want to avoid their exposure in the system process, for example, using ps -ef | grep java.

Environment

CloudBees CI on modern cloud platforms - operations center
CloudBees CI on modern cloud platforms - managed controller
CloudBees CI on traditional platforms - operations center
CloudBees CI on traditional platforms - client controller
Jenkins

Resolution

It’s possible to add the --config flag as a Jenkins option when launching the client and indicate a file where you can set the Jenkins options you need.

For example:

YOUR CONFIGURATION LIKE JENKINS_JAVA_OPTIONS=[...] ... --config=PATH_TO_YOUR_FILE_WHERE_FLAGS_ARE_SET

An example of the content of PATH_TO_YOUR_FILE_WHERE_FLAGS_ARE_SET:

httpsPort=SOME_PORT
httpsKeyStore=CERTIFICATE_PATH
httpsKeyStorePassword=SOME_PASSWORD

References

How to add Jenkins command line options to CloudBees CI (CloudBees Core)?