2

Instead of hard coding my password onto the batch command window, I want to use tools to hide my credentials.

Credentials work properly when hard coded but I am receiving this error when trying to mas my password using, "Mask password and regexes" and "Use secret test(s) or file(s)" Secret text: Masking and Expressions Secret text

Error: The remote server returned an error: (401) Unauthorized.

My password is masked properly on the batch command:

C:/"Program Files (x86)/IIS/Microsoft Web Deploy V3/msdeploy.exe" -verb:sync -source:package="webApp1/webApp1/obj/DEBUG/_PublishedWebsites/webApp1_Package/webApp1.zip" -dest:auto,computerName=https://MYCIServer:8172/msdeploy.axd,username=DOMAIN\UserName,password=IIS_Pass,authType=basic -allowUntrusted

Here's how it appears on the logs:

username=DOMAIN\UserName,password=************,authType=basic

Does "Mask passwords and regexes (and enable global passwords), Inject passwords to the build as environment variables or Use secret text(s) or file(s)" work with Batch Commands? If yes, please provide me with the steps you went through to get this to work.

Lgalan90
  • 595
  • 2
  • 12
  • 31
  • Please provide more detail as to how you are masking the password. Are you somehow assigning it to a variable? I have no clue how this masks the password: `password=IIS_Pass` – Squashman Dec 13 '17 at 22:19
  • @Squashman I have added some images to show you how I've attempted to hide my password in the command. Let me know if you need anymore information. – Lgalan90 Dec 14 '17 at 14:19
  • 1
    Does your password include any special character? (that would need to be percent encoded: https://en.wikipedia.org/wiki/Percent-encoding#Character_data) – VonC Jan 05 '18 at 20:12
  • Thanks @VonC, I just tried it with the "Mask passwords and regexes (and enable global passwords)". My password was written in this format "JKn29%2D88321" with the %2D nested in there. Is this correct? – Lgalan90 Jan 07 '18 at 15:18
  • @Lgalan90 Yes, except %2D is for hyphen-minus (`-`), which is not the same as hyphen (`-`), as I know from https://stackoverflow.com/a/170148/6309. Make sure you are using the regular -. – VonC Jan 07 '18 at 15:24
  • @VonC I just tried it with "JKn29U+002D88321" as well as couple other variations with the UTF Characters including: U+2010, U+2011, U+2012, and U+2013 but no luck. Do you have any other suggestions? – Lgalan90 Jan 07 '18 at 16:15
  • %2D should have worked. Just to be sure, can you try with an account and a password *without* any special characters? – VonC Jan 07 '18 at 16:22
  • @VonC unfortunately, our admins require us to have a character in our passwords. Also, the server I'm installing Jenkins on is linked to our user/password. Though, I would like to reiterate that when I do hard code my password onto the server it works just fine, I only have the issue when I use the Masks, Inject or Secret Build choices to hide my password. – Lgalan90 Jan 08 '18 at 15:32
  • Willing to try workarounds at this point as well! – Lgalan90 Jan 08 '18 at 19:56

1 Answers1

3

IIS_Pass should be an environment variable. In a bash script it would be $IIS_Pass and I think for windows it would be password="%IIS_Pass%"

C:/"Program Files (x86)/IIS/Microsoft Web Deploy V3/msdeploy.exe" -verb:sync -source:package="webApp1/webApp1/obj/DEBUG/_PublishedWebsites/webApp1_Package/webApp1.zip" -dest:auto,computerName=https://MYCIServer:8172/msdeploy.axd,username=DOMAIN\UserName,password="%IIS_Pass%",authType=basic -allowUntrusted

Jared Chmielecki
  • 439
  • 4
  • 13
  • 1
    YES!!! I've looked through just about every password masking article on google, I guess I need to work on my search skills. Thank you all for your time, this has been a good learning experience for me. :) – Lgalan90 Jan 11 '18 at 21:01