Linux Systems Articles for better insights

How to censor Jenkins passwords

In our environment we use Ansible through Jenkins frequently and an ansible-playbook I wrote started exposing secrets that I did not want in Jenkins logs. ansible-playbook outputs real-time status about the deploy but also leaks secrets.

There were two ways I discovered how to filter, censor, or alter sensitive data in Jenkins output.

Using grep/egrep

ansible-playbook | egrep --line-buffered -v 'DEPLOY_TOKEN='

Using sed

I found this to be the most useful, as you can use regex and replace the text CENSORED so you know a password was there.

ansible-playbook | sed -u -e 's/DEPLOY_TOKEN=(.*)/***CENSORED FROM JENKINS***/g'