Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SECURITY ISSUE: JENKINS_HOME.gitignore must ignore credentials.xml #4547

Closed
wants to merge 2 commits into from
Closed

SECURITY ISSUE: JENKINS_HOME.gitignore must ignore credentials.xml #4547

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
acde5c5
SECURITY ISSUE: JENKINS_HOME.gitignore must ignore credentials.xml, a…
Dec 11, 2024
64c9a7b
Modified jenkins .gitignore to include job config files. Job config.x…
Dec 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 14 additions & 7 deletions JENKINS_HOME.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,12 @@
# http://jenkins-ci.org/
# https://wiki.jenkins-ci.org/display/JENKINS/Administering+Jenkins
#
# Note: secret.key is purposefully not tracked by git. This should be backed up
# separately because configs may contain secrets which were encrypted using the
# secret.key. To back up secrets use 'tar -czf /tmp/secrets.tgz secret*' and
# save the file separate from your repository. If you want secrets backed up
# with configuration, then see the bottom of this file for an example.
# Note: secret.key and credentials.xml are purposefully not tracked by git.
# They should be backed up separately because configs may contain secrets which
# were encrypted using the secret.key. To back up secrets use
# 'tar -czf /tmp/secrets.tgz secret*' and save the files separate from your
# repository. If you want secrets backed up with configuration, then see the
# bottom of this file for an example.

# Ignore all JENKINS_HOME except jobs directory, root xml config, and
# .gitignore file.
Expand All @@ -17,10 +18,11 @@
!/.gitignore
!/*.xml

# Ignore all files in jobs subdirectories except for folders.
# Ignore all files in jobs subdirectories except for folders and job config.
# Note: git doesn't track folders, only file content.
jobs/**
!jobs/**/
!jobs/**/config.xml

# Uncomment the following line to save next build numbers with config.

Expand All @@ -40,7 +42,12 @@ jobs/**/*workspace

# Security warning: If secrets are included with your configuration, then an
# adversary will be able to decrypt all encrypted secrets within Jenkins
# config. Including secrets is a bad practice, but the example is included in
# config.

# Ignore credentials.xml, as it can contain encrypted secrets.
**/credentials.xml

# Including secrets is a bad practice, but the example is included in
# case someone still wants it for convenience. Uncomment the following line to
# include secrets for decryption with repository configuration in Git.

Expand Down