Issue
You observe that after upgrading your instance to use Pipeline: Groovy version 2.85 or higher, running the pipeline code shown below causes the credentials to be shown in the pipeline view.
node("your_node") {
withCredentials([string(credentialsId: "secret", variable: "mySecret")]) {
sh "echo mock login --secret '${MYSECRET}'"
sh "echo starting"
sh "echo exiting"
wrap([$class: "MaskPasswordsBuildWrapper", varPasswordPairs: [[var: "mySecret", password: mySecret]]]) {
sh "echo mock login --secret '${MYSECRET}' # wrapped"
sh "echo starting # wrapped with maskpassword"
sh "echo exiting # wrapped with maskpassword"
}
}
}
Environment
-
CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller
-
CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
-
CloudBees CI (CloudBees Core) on traditional platforms - Client controller
-
CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
-
CloudBees Jenkins Enterprise
-
CloudBees Jenkins Enterprise - Managed controller
-
CloudBees Jenkins Enterprise - Operations center
Resolution
The issue is related to a change in the way that Pipeline: Groovy intercepts groovy string interpolation. This change was included in version 2.85.
In order to solve the problem, you will need to install Credentials Binding 1.24 or higher.
This version solves the issues listed below:
It’s best to use single quotes (') to surround the commands for a sh step, instead of double quotes (") (like the example code above), so that the variable expansion happens on the build agent, instead of using groovy string interpolation.
Tested product/plugin versions
-
Pipeline: Groovy 2.90
-
Blue Ocean 1.23.3