While moving CI scripts from Jenkins to GitHub Actions, I faced an issue with moving secrets and other environmental variables. Here are a few groove scripts that help me obtain most of the “Secret text”, “Username and password” and other creds that Jenkins stores.
Most of my CI scripts were using secretes from the Credentials section (Manage Jenkins -> Manage Credentials):
The easiest solution I found to obtain all the credentials and other secrets from Jenkins is using Groovy Script in Jenkins UI.Open following address in browser: {yourJenkinsInstallation}/script
And try one of both scripts to retrieve Jenkins secrets
Script1
import jenkins.* import jenkins.model.* import hudson.* import hudson.model.*Object.metaClass.getPropertySafe = { delegate.hasProperty(it)?. getProperty(delegate) } def jenkinsCredentials = com.cloudbees.plugins. credentials. CredentialsProvider. lookupCredentials( com.cloudbees.plugins. credentials.Credentials.class, Jenkins.instance, null, null ); for (creds in jenkinsCredentials) { print("id: " + creds.id); for (attr in ["secret", "username", "password", "description"]) { value = creds.getPropertySafe(attr); if (value) { print(" [" + attr + ":" + value + "] "); } } println(""); }
Script2
import jenkins.model.*
import com.cloudbees.plugins.credentials.*
import com.cloudbees.plugins.credentials.impl.*
import com.cloudbees.plugins.credentials.domains.*
import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey
import com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl
import org.jenkinsci.plugins.plaincredentials.StringCredentials
import org.jenkinsci.plugins.plaincredentials.impl.FileCredentialsImpl
def showRow = { credentialType, secretId, username = null, password = null, description = null ->
println("${credentialType} : ".padLeft(20) + secretId?.padRight(38)+" | " +username?.padRight(20)+" | " +password?.padRight(40) + " | " +description)
}
// set Credentials domain name (null means is it global)
domainName = null
credentialsStore = Jenkins.instance.getExtensionList('com.cloudbees.plugins.credentials.SystemCredentialsProvider')[0]?.getStore()
domain = new Domain(domainName, null, Collections.<DomainSpecification>emptyList())
credentialsStore?.getCredentials(domain).each{
if(it instanceof UsernamePasswordCredentialsImpl)
showRow("user/password", it.id, it.username, it.password?.getPlainText(), it.description)
else if(it instanceof BasicSSHUserPrivateKey)
showRow("ssh priv key", it.id, it.passphrase?.getPlainText(), it.privateKeySource?.getPrivateKey()?.getPlainText(), it.description)
else if(it instanceof AWSCredentialsImpl)
showRow("aws", it.id, it.accessKey, it.secretKey?.getPlainText(), it.description)
else if(it instanceof StringCredentials)
showRow("secret text", it.id, it.secret?.getPlainText(), '', it.description)
else if(it instanceof FileCredentialsImpl)
showRow("secret file", it.id, it.content?.text, '', it.description)
else
showRow("something else", it.id, '', '', '')
}
return
All the information for solving this issue I found online. Here are the useful links: