Class ConfidentialKey

Direct Known Subclasses:
CryptoConfidentialKey, HexStringConfidentialKey, HMACConfidentialKey, RSAConfidentialKey

public abstract class ConfidentialKey extends Object
Confidential information that gets stored as a singleton in Jenkins, mostly some random token value.

The actual value is persisted via ConfidentialStore, but each use case that requires a secret like this should use a separate ConfidentialKey instance so that one compromised ConfidentialKey (say through incorrect usage and failure to protect it) shouldn't compromise all the others.

ConfidentialKey is ultimately a sequence of bytes, but for convenience, a family of subclasses is provided to represent the secret in different formats. See HexStringConfidentialKey and HMACConfidentialKey for example. In addition to easing programming, these use-case-specific subtypes make it harder for vulnerabilities to creep in by making it harder for the secret to leak.

The ConfidentialKey subtypes are expected to be used as singletons, like JnlpAgentReceiver.SLAVE_SECRET. For code that relies on XStream for persistence (such as Builders, SCMs, and other fragment objects around builds and jobs), Secret provides a more convenient way of storing secrets.
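The singleton-per-use-case pattern described above, as an added example (not code from Jenkins itself). The class CallbackTokens, its method names and the key short names are hypothetical; it assumes the code runs inside a Jenkins plugin with Jenkins core on the classpath.

```java
import jenkins.security.HMACConfidentialKey;
import jenkins.security.HexStringConfidentialKey;

/** Hypothetical plugin component; class, method and key names are illustrative. */
public final class CallbackTokens {

    // One key per use case, held as a static singleton. The id is derived
    // from the owner class and a short name, so it does not collide with
    // keys owned by other components.
    private static final HMACConfidentialKey CALLBACK_MAC =
            new HMACConfidentialKey(CallbackTokens.class, "callbackMac");

    // A second, independent key for an unrelated purpose. If the value below
    // leaks, CALLBACK_MAC is unaffected because the two are stored separately.
    private static final HexStringConfidentialKey INSTANCE_TOKEN =
            new HexStringConfidentialKey(CallbackTokens.class, "instanceToken", 32);

    private CallbackTokens() {}

    /** Token to hand out for a job; mac(String) returns the HMAC as a hex string. */
    public static String tokenFor(String jobFullName) {
        return CALLBACK_MAC.mac(jobFullName);
    }

    /**
     * Verifies a token presented by a caller. The raw key bytes never leave
     * the key object: callers only ever see MACs, not the secret itself.
     */
    public static boolean isValid(String jobFullName, String presentedToken) {
        if (jobFullName == null || presentedToken == null) {
            return false; // reject missing input instead of throwing
        }
        return CALLBACK_MAC.checkMac(jobFullName, presentedToken);
    }

    /** Random hex token (32 hex characters), generated on first use and then persisted. */
    public static String instanceToken() {
        return INSTANCE_TOKEN.get();
    }
}
```

Because the HMAC subtype exposes only mac and checkMac, code using it has no reason to read, log or serialize the underlying secret.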

Author:
Kohsuke Kawaguchi
See Also:
  • Constructor Details

    • ConfidentialKey

      protected ConfidentialKey(String id)
  • Method Details