Skip to content

Instantly share code, notes, and snippets.

@tuxfight3r

tuxfight3r/jenkins-decrypt.groovy

Created September 23, 2015 11:36
Show Gist options
  • Save tuxfight3r/eca9442ff76649b057ab to your computer and use it in GitHub Desktop.
Save tuxfight3r/eca9442ff76649b057ab to your computer and use it in GitHub Desktop.
Download ZIP
Decrypting Jenkins Password
Raw
jenkins-decrypt.groovy
#To Decrypt Jenkins Password from credentials.xml
#<username>jenkins</username>
#<passphrase>your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J</passphrase>
#go to the jenkins url
http://jenkins-host/script
#In the console paste the script
hashed_pw='your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J'
passwd = hudson.util.Secret.decrypt(hashed_pw)
println(passwd)
@eeichinger
Copy link

eeichinger commented Oct 19, 2016
edited
Loading 

# encrypt a password
pw='MyPassword1234'
passwd_enc = hudson.util.Secret.fromString(pw).getEncryptedValue()
println(passwd_enc)

@fjlopezs
Copy link

fjlopezs commented Jan 20, 2017
edited
Loading

String key = "Vo1hb2DfqHO5U0AdneAmVon1B54VLZr6+2I1AoeONhw="
def secret = hudson.util.Secret.fromString(key)
println(secret.getPlainText())

  • This key is just an example, if you try, you would get a null value since this key was encrypted with a secret hash. Each installation of Jenkins has a different secret file that is utilized for decrypt each password.
  • There are hashes exist with and without curly braces. If your key contains curly braces you must include this in key variable.

@croccio
Copy link

croccio commented Feb 20, 2017

this print null
#In the console paste the script hashed_pw='your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J' passwd = hudson.util.Secret.decrypt(hashed_pw) println(passwd)

and this print the key

String key = "Vo1hb2DfqHO5U0AdneAmVon1B54VLZr6+2I1AoeONhw=" def secret = hudson.util.Secret.fromString(key) println(secret.getPlainText())

how can I do to devcode password?

@zigarn
Copy link

zigarn commented Jul 25, 2017

@croccio: You need to keep the curly braces

hashed_pw='{Vo1hb2DfqHO5U0AdneAmVon1B54VLZr6+2I1AoeONhw=}'
passwd = hudson.util.Secret.decrypt(hashed_pw)
println(passwd)

# Or

String key = "{Vo1hb2DfqHO5U0AdneAmVon1B54VLZr6+2I1AoeONhw=}"
def secret = hudson.util.Secret.fromString(key)
println(secret.getPlainText())

@thatsk
Copy link

thatsk commented Oct 10, 2017

its not working it can print the string which you have provided good try

@hughsaunders
Copy link

hughsaunders commented Jan 8, 2018
edited
Loading

You can also find the encrypted key by inspecting the default value in the credentials update form.

@vijayg92
Copy link

How to decrypt credentials stored as a secret file?

@egr-ext
Copy link

egr-ext commented Mar 9, 2018

@vijayg92 have you find a solution for a secret file stored in credentials.xml ?

@fjlopezs
Copy link

@vijayg92 , @egr-ext
I use the code that I've posted before.

@bencoughlan
Copy link

remember that this needs the "="

i.e.

if
KEY_PASSWORD=tmdHc/YjAIu1O/XxwnyLTjgHIK1h95JwpskSy23Khj5

then

String key = "tmdHc/YjAIu1O/XxwnyLTjgHIK1h95JwpskSy23Khj5="
def secret = hudson.util.Secret.fromString(key)
println(secret.getPlainText())

@sigmunau
Copy link

@vijayg92 , @egr-ext This works for me:

println(new String(com.cloudbees.plugins.credentials.SecretBytes.fromString("{....}").getPlainData(), "ASCII"))

@TheFluo
Copy link

TheFluo commented Aug 24, 2023
edited
Loading

Hello, if you don't have acces to the console ... to verify for example the LDAP password that was encrypted ... how do you decrypt the generated password in the config.xml for the LDAP ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment