"Scripts not permitted to use field hudson.util.Secret value" when passing a password parameter to a downstream job in a Jenkinsfile

Question

I have a Jenkinsfile with a password parameter.

I need to pass this password to a downstream job (I don't even need to read it before passing it)

I expected the following code to work :

        def downstreamJob = build job: 'myDownStreamJob', parameters: [
            [$class: 'StringParameterValue', name: 'adminUser', value: params.adminUser],
            [$class: 'hudson.model.PasswordParameterValue', name: 'adminPassword', value: params.adminPassword.value]]

But it fails with :

org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use field hudson.util.Secret value

https://plugins.jenkins.io/permissive-script-security might be a workaround but it opens a big security hole, as it disables all the sandbox securities of all Jenkins builds.

I tried to pass the params or params.adminPassword objects themselves, but did not succeed

You're right! I had not seen it was possible to approve the usage of this signature in the "In-Process script approval" : it works. I would have prefered to disable the sandbox for that particular pipeline, but it does not seem to be possible when reading the pipeline from SCM. — Mossroy, Dec 04 '19 at 13:58
Thanks for your feedback : it probably deserves a real stackoverflow answer for you to have the credit. — Mossroy, Dec 04 '19 at 14:01

"Scripts not permitted to use field hudson.util.Secret value" when passing a password parameter to a downstream job in a Jenkinsfile

0 Answers0