Encode and decode passwords and other Jenkins settings

1 min read | by Jordi Prats

On the Jenkins configuration files and the credentials.xml we can find some encoded strings, like usernames and passwords. We can use the Jenkins itself to decode them

We just need to point our browser to the jenkins installation path adding /script, for example:

https://jenkins.pet2cattle.com/jenkins/script

On the form we can type in any arbitrary Groovy script and execute it on the server, so we can use hudson.util.Secret to encode or decode strings. For example, to decode a string like:

{AQAAABAAAAAQOyFrySNuzplc8uFobuyBgs/K8ArBEgGahWItAOMa7PU=}

Decode password

We can execute the following:

println(hudson.util.Secret.decrypt("{AQAAABAAAAAQOyFrySNuzplc8uFobuyBgs/K8ArBEgGahWItAOMa7PU=}"))

The result will show the resulting decoded string:

Result

secret

Encode password

Likewise we can also encode any string, for example:

println(hudson.util.Secret.fromString("another_secret").getEncryptedValue())

The resulting encoded string would be:

Result

{AQAAABAAAAAQb2EKbaDNplq4p6jkCMWA/GM0EmqF9X38tEvKfpiSNtQ=}

Posted on 17/11/2021

Categories