Recipe how to recover Jenkins plain secret text credential via the web user interface

13 Nov 2021 - tsp
Last update 13 Nov 2021
Reading time 1 min

Everyone knows this situation - you’ve configured Jenkins to handle webhooks and you’ve forgotten the plain text secret that is used to authenticate your GitLab or BitHub WebHooks that should trigger Jenkins jobs on pushes to different branches of your repositories and would have to configure a new one. In this case one has three possible routes that one can take now:

On first sight it doesn’t look like Jenkins would expose the plain text secret - GitHub never does for example as one would expect a webservice to do. But in the Jenkins UI there is a solution:

This can easily be decrypted using the Jenkins script console that’s accessible at /script. Just use the following short script command using the previously recovered encrypted credential:

println hudson.util.Secret.decrypt("{AQAAABAAAAAwDBdOTwDoluIDh9ZxGn6nAQsy+JWp9M1MSYsGcpQS5/BRM09YSqWQBDb+O77fbyOcURKSwcgxZguYU0TqXHG01g==}")

The plain test secret will be shown in the results.

This article is tagged:

Data protection policy

Dipl.-Ing. Thomas Spielauer, Wien (

This webpage is also available via TOR at http://rh6v563nt2dnxd5h2vhhqkudmyvjaevgiv77c62xflas52d5omtkxuid.onion/

Valid HTML 4.01 Strict Powered by FreeBSD IPv6 support