Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Dump jenkins credentials - use in script console
import com.cloudbees.plugins.credentials.*
import com.cloudbees.plugins.credentials.common.*
import com.cloudbees.plugins.credentials.domains.*
import com.cloudbees.plugins.credentials.impl.*
import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
import org.jenkinsci.plugins.plaincredentials.impl.*
// def item = Jenkins.instance.getItem("your-folder")
def creds = CredentialsProvider.lookupCredentials(
com.cloudbees.plugins.credentials.Credentials.class,
Jenkins.instance, // replace with item to get folder or item scoped credentials
null,
null
);
for (credential in creds) {
if (credential instanceof UsernamePasswordCredentialsImpl) {
println credential.getId() + " " + credential.getUsername() + " " + credential.getPassword().getPlainText()
} else if (credential instanceof StringCredentialsImpl) {
println credential.getId() + " " + credential.getSecret().getPlainText()
} else if(credential instanceof BasicSSHUserPrivateKey) {
println credential.getId() + " " + credential.getUsername() + "\n" + credential.getPrivateKey()
} else if (credential.getClass().toString() == "class com.microsoft.azure.util.AzureCredentials") {
println "AzureCred:" + credential.getSubscriptionId() + " " + credential.getClientId() + " " + credential.getPlainClientSecret() + " " + credential.getTenant()
} else if (credential.getClass().toString() == "class org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials") {
println credential.getId() + " " + credential.getUsername() + "\n" + credential.getPrivateKey().getPlainText()
} else if (credential.getClass().toString() == "class com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl") {
println credential.getId() + " " + credential.getAccessKey() + " " + credential.getSecretKey()
} else {
println credential.getClass()
}
}
@kangnaclub9

This comment has been minimized.

Copy link

@kangnaclub9 kangnaclub9 commented Apr 18, 2020

import com.cloudbees.plugins.credentials.*
import com.cloudbees.plugins.credentials.common.*
import com.cloudbees.plugins.credentials.domains.*
import com.cloudbees.plugins.credentials.impl.*
import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
import org.jenkinsci.plugins.plaincredentials.impl.*

domain = Domain.global()
store = SystemCredentialsProvider.getInstance().getStore()

for (credential in store.getCredentials(domain)) {
if (credential instanceof UsernamePasswordCredentialsImpl) {
println credential.getId() + " " + credential.getUsername() + " " + credential.getPassword().getPlainText()
} else if (credential instanceof StringCredentialsImpl) {
println credential.getId() + " " + credential.getSecret().getPlainText()
} else if(credential instanceof BasicSSHUserPrivateKey) {
println credential.getId() + " " + credential.getUsername() + "\n" + credential.getPrivateKey()
} else if (credential instanceof com.microsoft.azure.util.AzureCredentials) {
println "AzureCred:" + credential.getSubscriptionId() + " " + credential.getClientId() + " " + credential.getPlainClientSecret() + " " + credential.getTenant()
} else {
println credential
}

}

@petamas

This comment has been minimized.

Copy link

@petamas petamas commented Apr 22, 2021

Extend with this to dump AWS credentials too:

  } else if (credential.getClass().toString() == "class com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl") {
    println credential.getId() + " " + credential.getAccessKey() + " " + credential.getSecretKey()
@timja

This comment has been minimized.

Copy link
Owner Author

@timja timja commented Apr 22, 2021

updated

@wawrzek

This comment has been minimized.

Copy link

@wawrzek wawrzek commented Jul 20, 2021

Very useful script. I would probably add an extra empty line between credentials.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment