android build在jenkins上发布apk，而无需以纯文本格式存储我的密码 [英] android build release apk on jenkins, without storing my password in plain text

问题描述

我需要能够使用Jenkins作业构建我的apk的发行版.

I need to be able to build the release version of my apk, using a Jenkins job.

通过阅读以下SO问题

如何创建发行版使用Gradle签名的apk文件?

我知道我可以通过以下两种方式之一来做到这一点.要么让用户在cmd提示符下输入密码，要么将我的密码详细信息存储在一个不会提交给git的纯文本文件中，并且位于我的本地计算机上.

I understand I can do it in one of two ways. Either get the user to enter the password at cmd prompt, or store my password details in a plain text file that doesn't get committed to git, and lives on my local machine.

但是在jenkins上运行构建作业时，这些都不起作用. 1)我无法获得用户输入，因为这可能是在深夜运行的(即使用户在他们的机器上，我什至都不知道如何从cmd线获得用户输入)2)任何可以获得对该构建框的访问权限，将能够通过cmd行或该jenkins服务器上运行的另一个build.gradle作业来管理该文件的内容.

Neither of these will work when running the build job on jenkins though. 1) I can't gain user input because this may be running in the middle of the night (I don't even know how to get user input from the cmd line even if the user was at their machine) 2) Anyone who can gain access to that build box, would be able to cat the contents of that file either via the cmd line or from another build.gradle job running on that jenkins server.

有人知道我可以隐藏密码但让Jenkins作业可以访问它吗?

Does anyone know of anyway I can keep my password hidden but so that the Jenkins job can access it?

谢谢

推荐答案

您可以使用屏蔽密码插件"来完成此任务.或EnvInject插件中包含相同的功能，并且所有Jenkins项目迟早都需要EnvInject插件(它可以做很多其他事情)，所以不妨现在就开始使用它.

You can use Mask Password Plugin, which does just that. Or the same functionality is included in EnvInject plugin, and sooner or later all Jenkins projects get a need for EnvInject plugin (that does many other things), so might as well start using it now.

• 安装 EnvInject插件 .
• 在 Jenkins全局配置下，找到全局密码部分.
• 添加名称(这将是环境变量名称)和密码(将加星号****).
• 在作业配置下，找到构建环境部分.
• 选中标记将密码作为环境变量注入到内部版本.
• 然后选中全局密码.

• Install EnvInject plugin.
• Under Jenkins Global Configuration, find Global Passwords section.
• Add a name (this will be the environment variable name) and password (will be starred **** ).
• Under Job Configuration, find Build Environment section.
• Checkmark Inject passwords to the build as environment variables.
• Then checkmark Global passwords.

在任何构建步骤中，您现在都可以使用$name(如先前所定义)来引用密码，就像使用纯文本键入密码时一样.

In any build step, you can now use $name (as defined earlier) to refer to a password as you would if you were typing it in plain text.

• 仅在作业执行时才注入password变量(在服务器的命令行上单独键入$name不会产生任何结果，并且像所有Jenkins变量一样，它不是持久性的.)
• 如果出现，作业控制台日志将显示****而不是密码.
• 您可以为每个作业而不是全局配置密码，以便其他作业无法使用它.

• The password variable is injected only at job execution time (typing $name on command line of the server by itself will not produce anything, and like all Jenkins variables, it is not persistent).
• The job console log will show **** instead of password, if it appears.
• You could configure passwords per job, rather than globally, so that other jobs can't use it.

唯一的安全问题是，如果某人具有管理权限以配置您的工作，则他们可以将echo $name > secretpassword.txt写入构建步骤，然后在工作区中查看该文件.但是您应该小心，将管理权限分配给谁.

The only security concern is that if someone has administrative permissions to configure your job, they can write echo $name > secretpassword.txt into a build step, and then review the file in the workspace. But you should be careful who you assign administrative rights to.

这篇关于android build在jenkins上发布apk，而无需以纯文本格式存储我的密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！