In setting up our Jenkins/Hudson server recently, it became clear that it has to store passwords. It seems that it stores the passwords "ciphered" in config.xml. I can't see how this would be safe, as the chain of secrets has to break somewhere.
- Can Jenkins' ciphered passwords be considered "safe"?
- Is this just security through obscurity?
I should specify that we're using Jenkins 1.425.
It looks to be AES128 encrypted using a key stored locally. You're exactly right that it's essentially just a layer of obscurity - conceptually, the only options available in a situation like this are to require a password to be entered at the time the service starts as a decryption key, or to store the key somewhere locally; a good analogue is encrypted SSL certificates for a web server.
The comments in the code for the `hudson.util.Secret` class make clear that they understand the security limitations of this method:
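Since the key is stored locally next to the ciphered values, the protection discussed in this answer comes down to who can read those files. The check below is an added example, not part of the original post and not Jenkins code; it assumes the key file is `secret.key` under the Jenkins home directory, and the function names are hypothetical.

```python
import os
import stat
import sys
import tempfile

# Assumption: the locally stored key is $JENKINS_HOME/secret.key (Jenkins 1.x);
# config.xml files hold the ciphered passwords, as described in the question.
SENSITIVE = ("secret.key", "config.xml")


def audit_jenkins_home(home, service_uid=None):
    """Return sorted (path, problem) pairs for key/config files exposed beyond the owner."""
    findings = []
    for root, _dirs, files in os.walk(home):
        for name in files:
            if name not in SENSITIVE:
                continue
            path = os.path.join(root, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                findings.append((path, "symlink: target not covered by this check"))
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append((path, "readable by group/other (mode %o)" % mode))
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, "writable by group/other (mode %o)" % mode))
            if service_uid is not None and st.st_uid != service_uid:
                findings.append((path, "owned by uid %d, expected %d" % (st.st_uid, service_uid)))
    return sorted(findings)


def build_sample_home():
    """Constructed sample layout: a tight key file and two loosely protected configs."""
    home = tempfile.mkdtemp(prefix="jenkins_home_")
    layout = {"secret.key": 0o600, "config.xml": 0o644,
              os.path.join("jobs", "demo", "config.xml"): 0o660}
    for rel, mode in layout.items():
        path = os.path.join(home, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)  # explicit chmod so the result does not depend on umask
    return home


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_home()
    for path, problem in audit_jenkins_home(target):
        print("%s: %s" % (path, problem))
```

Run it as the service account with the Jenkins home directory as the argument; with no argument it audits the constructed sample layout.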