How to decrypt Jenkins password?

Question

In my secrets folder I have these files

-rw-r--r--  1 root root  272 Oct  2 11:07 hudson.console.AnnotatedLargeText.consoleAnnotator
-rw-r--r--  1 root root   48 Sep 23 11:40 hudson.console.ConsoleNote.MAC
-rw-r--r--  1 root root   32 Sep 23 11:42 hudson.model.Job.serverCookie
-rw-r--r--  1 root root  272 Sep 23 11:39 hudson.util.Secret
-rw-r--r--  1 root root   32 Sep 23 11:16 jenkins.model.Jenkins.crumbSalt
-rw-r--r--  1 root root  256 Sep 23 11:16 master.key
-rw-r--r--  1 root root  272 Sep 23 11:16 org.jenkinsci.main.modules.instance_identity.InstanceIdentity.KEY
-rw-r--r--  1 root root  272 Sep 23 11:49 org.jenkinsci.plugins.workflow.log.ConsoleAnnotators.consoleAnnotator
-rw-r--r--  1 root root   48 Sep 23 11:39 org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.mac

In my case hudson.utils.secrets is binary

od -h hudson.util.Secret 
0000000 5f25 eee1 0763 1b49 c074 ee22 af85 4e10
0000020 00cf dd32 b568 fae3 257a 8d6e 1e56 d995

I installed groovy,I looked at HOW TO DECRYPT FROM CREDENTIALS What should I do?

score 0 · Accepted Answer · answered Nov 18 '22 at 12:29

Jenkins uses string interpolation to take password as input and it uses AES to encrypt and protect secrets, credentials, and their respective encryption keys.

So, using direct or simple approach will not work. Although you can try to assign the password to a string variable and the print it in log it works in most the cases until the password itself is saved after encrypting.

How to decrypt Jenkins password?

1 Answers1