public final class Secret extends Object implements Serializable
String
that uses encryption in the persisted form, to avoid accidental exposure of a secret.
This is not meant as a protection against code running in the same VM, nor against an attacker who has local file system access on Jenkins master.
Secret
s can correctly read-in plain text password, so this allows the existing
String field to be updated to Secret
.
Modifier and Type | Class and Description |
---|---|
static class |
Secret.ConverterImpl |
Modifier and Type | Field and Description |
---|---|
static boolean |
AUTO_ENCRYPT_PASSWORD_CONTROL |
static boolean |
BLANK_NONSECRET_PASSWORD_FIELDS_WITHOUT_ITEM_CONFIGURE |
static Pattern |
ENCRYPTED_VALUE_PATTERN
Pattern matching a possible output of
getEncryptedValue()
Basically, any Base64-encoded value optionally wrapped by {} . |
Modifier and Type | Method and Description |
---|---|
static Secret |
decrypt(String data)
Reverse operation of
getEncryptedValue() . |
boolean |
equals(Object that) |
static Secret |
fromString(String data)
Attempts to treat the given string first as a cipher text, and if it doesn't work,
treat the given string as the unencrypted secret value.
|
static Cipher |
getCipher(String algorithm)
Workaround for JENKINS-6459 / http://java.net/jira/browse/GLASSFISH-11862
This method uses specific provider selected via hudson.util.Secret.provider system property
to provide a workaround for the above bug where default provide gives an unusable instance.
|
String |
getEncryptedValue()
Encrypts
value and returns it in an encoded printable form. |
String |
getPlainText()
Obtains the plain text password.
|
int |
hashCode() |
String |
toString()
Deprecated.
as of 1.356
Use
toString(Secret) to avoid NPE in case Secret is null.
Or if you really know what you are doing, use the getPlainText() method. |
static String |
toString(Secret s)
Works just like
toString() but avoids NPE when the secret is null. |
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public static final Pattern ENCRYPTED_VALUE_PATTERN
getEncryptedValue()
Basically, any Base64-encoded value optionally wrapped by {}
.
You must then call decrypt(String)
to eliminate false positives.ENCRYPTED_VALUE_PATTERN
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public static final boolean AUTO_ENCRYPT_PASSWORD_CONTROL
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public static boolean BLANK_NONSECRET_PASSWORD_FIELDS_WITHOUT_ITEM_CONFIGURE
@Deprecated public String toString()
toString(Secret)
to avoid NPE in case Secret is null.
Or if you really know what you are doing, use the getPlainText()
method.toString
in class Object
getEncryptedValue()
@NonNull public String getPlainText()
toString(Secret)
to avoid NPE.public String getEncryptedValue()
value
and returns it in an encoded printable form.toString()
@CheckForNull public static Secret decrypt(@CheckForNull String data)
getEncryptedValue()
. Returns null
if the given cipher text was invalid.public static Cipher getCipher(String algorithm) throws GeneralSecurityException
GeneralSecurityException
@NonNull public static Secret fromString(@CheckForNull String data)
Useful for recovering a value from a form field.
@NonNull public static String toString(@CheckForNull Secret s)
toString()
but avoids NPE when the secret is null.
To be consistent with fromString(String)
, this method doesn't distinguish
empty password and null password.Copyright © 2004–2021. All rights reserved.