How to use `inject-passwords` in Jenkins job Builder?

The documentation for the password injection is not useable. Therefore I provide a complete example here.

First, you ned to get the encryped password.

  1. Go to the configuration part of a Jenkins Job that can be safely modified. For example the one you are currently trying to setup.
  2. In the "Build Environment" section, click on the "Inject passwords to the build as environment variables".
  3. Write your plain password with a dummy variable name and save the configuration. This step will encrypt the password behind the hood.
  4. Go to the "Job Config History" tab of the Job and look at the latest RAW XML configuration file. You will find in the XML your encrypted password that can be copied for the next step.

Second step, you need to put the password in the yaml file as follows:

     - inject-passwords:
        global: true
        mask-password-params: true
            - name: TEST_USER_PASSWORD
              password: '{AQAAABAAAAAQvsFFVkOmzr5WzEhX8OWuK7mizr5xzEhX8lGo2AGMVw8=}'
            - name: TEST_USER_PASSWORD2
              password: '{AQAAABAAAAAQvsFFVkOmzr5xzEhX8lGo2AcPGMVw8b8SflGo2AcPGMVw8=}'

Note: The password are in quotes AND in curly brackets.

Third step: In jenkins you can use the environment variables TEST_USER_PASSWORD and TEST_USER_PASSWORD2. These variables will contain the decrypted password, but when you print them out, jenkins will notice there is a password in the log, which jenkins will obfuscate.


Actual output

My password is jddfdjh44y98dyghsdgdgfdg

Jenkins log output

My password is [********]

You can print the content of the variable step-by-step to get the password (to check that it works).