13 Nov 2021 - tsp
Last update 13 Nov 2021
Everyone knows this situation - you’ve configured Jenkins to handle webhooks and you’ve forgotten the plain text secret that is used to authenticate your GitLab or BitHub WebHooks that should trigger Jenkins jobs on pushes to different branches of your repositories and would have to configure a new one. In this case one has three possible routes that one can take now:
On first sight it doesn’t look like Jenkins would expose the plain text secret - GitHub never does for example as one would expect a webservice to do. But in the Jenkins UI there is a solution:
Manage Jenkins ->
Update. Then the key is shown as
Concealed as one
Change password and inspect the element using your browser.
This should look somewhat like
This can easily be decrypted using the Jenkins script console that’s accessible
/script. Just use the following short script command using the previously
recovered encrypted credential:
The plain test secret will be shown in the results.
This article is tagged:
Dipl.-Ing. Thomas Spielauer, Wien (email@example.com)
This webpage is also available via TOR at http://rh6v563nt2dnxd5h2vhhqkudmyvjaevgiv77c62xflas52d5omtkxuid.onion/