Is Jenkins/Hudson ciphered password storage "safe"?

In setting up our Jenkins/Hudson server recently, it became clear that it has to store passwords. It seems that it stores the passwords "ciphered" in config.xml. I can't see how this would be safe, as the chain of secrets has to break somewhere.

  • Can Jenkins' ciphered passwords be considered "safe"?
  • Is this just security through obscurity?

I should specify that we're using Jenkins 1.425.


Solution 1:

It looks to be AES128 encrypted using a key stored locally. You're exactly right that it's essentially just a layer of obscurity - conceptually, the only options available in a situation like this are to require a password to be entered at the time the service starts as a decryption key, or to store the key somewhere locally; a good analogue is encrypted SSL certificates for a web server.

The comments in the code for the hudson.util.Secret class make clear that they understand the security limitations of this method:

Glorified String that uses encryption in the persisted form, to avoid accidental exposure of a secret. Note that since the cryptography relies on Hudson.getSecretKey(), this is not meant as a protection against code running in the same VM, nor against an attacker who has local file system access.
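
The two options named in the answer above, side by side, as an added example (not part of the original answer and not Jenkins code). The file names, passphrase, AES-GCM mode and PBKDF2 parameters are assumptions chosen for the demonstration and do not reflect how hudson.util.Secret derives or stores its key.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration; NOT Jenkins code. File names and the passphrase are constructed.
public class KeyStorageDemo {
    static byte[] random(int n) { byte[] b = new byte[n]; new SecureRandom().nextBytes(b); return b; }

    // AES-128-GCM; returns the 12-byte nonce followed by ciphertext and tag.
    static byte[] seal(byte[] key, String plain) throws Exception {
        byte[] iv = random(12);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static String open(byte[] key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }

    // Option "password entered at service start": the key exists only after an operator types it.
    static byte[] deriveKey(char[] pass, byte[] salt) throws Exception {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pass, salt, 200_000, 128)).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("demo-home"); // stands in for the service's data directory
        // Option "key stored locally": key file and ciphertext sit side by side.
        Path keyFile = Files.write(dir.resolve("demo.key"), random(16));
        Path cfg = Files.write(dir.resolve("demo.cfg"), seal(Files.readAllBytes(keyFile), "constructed-password"));
        System.out.println("local key: files alone yield " + open(Files.readAllBytes(keyFile), Files.readAllBytes(cfg)));
        // Passphrase option: only the salt and ciphertext are on disk.
        byte[] salt = random(16);
        Path cfg2 = Files.write(dir.resolve("demo2.cfg"), seal(deriveKey("typed at startup".toCharArray(), salt), "constructed-password"));
        try { open(deriveKey("not the passphrase".toCharArray(), salt), Files.readAllBytes(cfg2)); }
        catch (AEADBadTagException e) { System.out.println("passphrase key: files alone are not enough"); }
    }
}
```

In both variants the key is held in process memory while the service runs, which is the "code running in the same VM" limitation the quoted comment describes.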