Jenkins 中存储的加密密钥在哪里? [英] Where's the encryption key stored in Jenkins?
问题描述
我正在尝试将凭据从一个 Jenkins 迁移到另一个,但用户名/密码在 ${JENKINS_HOME}/credentials.xml 中散列
I am trying to migrate the credentials from one Jenkins to another but usernames/passwords are hashed in ${JENKINS_HOME}/credentials.xml
我找到了这个answer,但问题是它没有说明有人会在哪里按顺序找到加密密钥成功迁移凭据.
I found this answer, but the problem is it doesn't explain where would someone find the encryption key in order to successfully migrate credentials.
非常感谢任何帮助!
编辑:更多信息.. 我的 ${JENKINS_HOME} 位于一个单独的卷上,我将其分离并重新附加到新 VM 上,但它仍然无法与我一起使用.
EDIT: More information.. my ${JENKINS_HOME} is on a separate volume which I detach and re-attach onto the new VM, and it still doesn't work with me.
推荐答案
我发现这个分析(截至 2020 年 6 月,链接已失效,存档在这里)非常有帮助.简而言之:
I found this analysis (link is dead as of June 2020, archived here) very helpful. In a nutshell:
Jenkins 使用 master.key 来加密密钥 hudson.util.Secret.然后使用此密钥对 credentials.xml 中的密码进行加密.
Jenkins uses the master.key to encrypt the key hudson.util.Secret. This key is then used to encrypt the password in credentials.xml.
当我需要使用一些默认密码引导新的 Jenkins 实例时,我会使用包含
When I need to bootstrap new Jenkins instances with some default passwords, I use a template directory tree that contains
secrets/hudson.util.Secret和secrets/master.key
这很好用.
这篇关于Jenkins 中存储的加密密钥在哪里?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
