I am using curl - u user:password -X post method in shell script to trigger my Jenkins jobs externally. While using this method I am providing my credentials to access Jenkins. Is there any way to hide or encrypt credentials.?
Asked
Active
Viewed 662 times
1
-
https://programming.vip/docs/use-a-curl-with-a-username-and-password.html – dmkvl Dec 04 '20 at 15:26
-
https://stackoverflow.com/questions/2594880/using-curl-with-a-username-and-password/27894407#27894407 https://security.stackexchange.com/questions/205479/is-it-insecure-to-send-a-password-in-a-curl-command – Sudip Ghimire Dec 05 '20 at 02:00
1 Answers
1
Curl with -u does not support encrypt username and password but you can do it in different way to hide username and password
- Create an environment variable Use that on your curl command like below :
export USERNAME=""
export PASSWORD=""
after that
curl -u $USERNAME:$PASSWORD -X POST ...
- Make use of .netrc file with curl command.
curl command option for .netrc file
-n, --netrc Must read .netrc for user name and password
--netrc-file <filename> Specify FILE for netrc
Steps to use .netrc
- Create a .netrc file on your home directory (~) with content
machine jenkins.url
login username
password jenkinsTokenOrPassword
- invoke curl command
curl -n -X POST ....
Note. If you don't want to keep your .netrc file on your home directory ~ , than place it somewhere else but make sure let curl know about the location like curl --netrc-file /path/to/.netrc -X POST ...
Samit Kumar Patel
- 1,932
- 1
- 13
- 20