Skip to content

Instantly share code, notes, and snippets.

@timja
Last active August 8, 2024 09:55
Show Gist options
  • Save timja/04afb12c8ad909e400317a2ad9c88445 to your computer and use it in GitHub Desktop.
Save timja/04afb12c8ad909e400317a2ad9c88445 to your computer and use it in GitHub Desktop.
Dump jenkins credentials - use in script console
import com.cloudbees.plugins.credentials.*
import com.cloudbees.plugins.credentials.common.*
import com.cloudbees.plugins.credentials.domains.*
import com.cloudbees.plugins.credentials.impl.*
import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
import org.jenkinsci.plugins.plaincredentials.impl.*
// def item = Jenkins.instance.getItem("your-folder")
def creds = CredentialsProvider.lookupCredentials(
com.cloudbees.plugins.credentials.Credentials.class,
Jenkins.instance, // replace with item to get folder or item scoped credentials
null,
null
);
for (credential in creds) {
if (credential instanceof UsernamePasswordCredentialsImpl) {
println credential.getId() + " " + credential.getUsername() + " " + credential.getPassword().getPlainText()
} else if (credential instanceof StringCredentialsImpl) {
println credential.getId() + " " + credential.getSecret().getPlainText()
} else if(credential instanceof BasicSSHUserPrivateKey) {
println credential.getId() + " " + credential.getUsername() + "\n" + credential.getPrivateKey() + "\n Passphrase: " + credential.getPassphrase()
} else if (credential.getClass().toString() == "class com.microsoft.azure.util.AzureCredentials") {
println "AzureCred:" + credential.getSubscriptionId() + " " + credential.getClientId() + " " + credential.getPlainClientSecret() + " " + credential.getTenant()
} else if (credential.getClass().toString() == "class org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials") {
println credential.getId() + " " + credential.getUsername() + "\n" + credential.getPrivateKey().getPlainText()
} else if (credential.getClass().toString() == "class com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl") {
println credential.getId() + " " + credential.getAccessKey() + " " + credential.getSecretKey()
} else if (credential.getClass().toString() == "class com.microsoft.jenkins.keyvault.SecretStringCredentials"
|| credential.getClass().toString() == "class org.jenkinsci.plugins.azurekeyvaultplugin.credentials.string.AzureSecretStringCredentials") {
} else {
println credential.getClass()
}
}
@kangnaclub9
Copy link

import com.cloudbees.plugins.credentials.*
import com.cloudbees.plugins.credentials.common.*
import com.cloudbees.plugins.credentials.domains.*
import com.cloudbees.plugins.credentials.impl.*
import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
import org.jenkinsci.plugins.plaincredentials.impl.*

domain = Domain.global()
store = SystemCredentialsProvider.getInstance().getStore()

for (credential in store.getCredentials(domain)) {
if (credential instanceof UsernamePasswordCredentialsImpl) {
println credential.getId() + " " + credential.getUsername() + " " + credential.getPassword().getPlainText()
} else if (credential instanceof StringCredentialsImpl) {
println credential.getId() + " " + credential.getSecret().getPlainText()
} else if(credential instanceof BasicSSHUserPrivateKey) {
println credential.getId() + " " + credential.getUsername() + "\n" + credential.getPrivateKey()
} else if (credential instanceof com.microsoft.azure.util.AzureCredentials) {
println "AzureCred:" + credential.getSubscriptionId() + " " + credential.getClientId() + " " + credential.getPlainClientSecret() + " " + credential.getTenant()
} else {
println credential
}

}

@petamas
Copy link

petamas commented Apr 22, 2021

Extend with this to dump AWS credentials too:

  } else if (credential.getClass().toString() == "class com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl") {
    println credential.getId() + " " + credential.getAccessKey() + " " + credential.getSecretKey()

@timja
Copy link
Author

timja commented Apr 22, 2021

updated

@wawrzek
Copy link

wawrzek commented Jul 20, 2021

Very useful script. I would probably add an extra empty line between credentials.

@Pero110290
Copy link

Not

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment