hudson.util
Class Secret

java.lang.Object
  hudson.util.Secret

All Implemented Interfaces:

Serializable

public final class Secret
extends Object
implements Serializable

Glorified String that uses encryption in the persisted form, to avoid accidental exposure of a secret.

This is not meant as a protection against code running in the same VM, nor against an attacker who has local file system access on Jenkins master.

Secrets can correctly read-in plain text password, so this allows the existing String field to be updated to Secret.

Author:

Kohsuke Kawaguchi

See Also:

Serialized Form

Nested Class Summary

static class

Secret.ConverterImpl

Method Summary

static Secret	decrypt(String data) Reverse operation of getEncryptedValue().
boolean	equals(Object that)
static Secret	fromString(String data) Attempts to treat the given string first as a cipher text, and if it doesn't work, treat the given string as the unencrypted secret value.
static Cipher	getCipher(String algorithm) Workaround for JENKINS-6459 / http://java.net/jira/browse/GLASSFISH-11862 This method uses specific provider selected via hudson.util.Secret.provider system property to provide a workaround for the above bug where default provide gives an unusable instance.
String	getEncryptedValue() Encrypts value and returns it in an encoded printable form.
String	getPlainText() Obtains the plain text password.
int	hashCode()
String	toString() Deprecated. as of 1.356 Use toString(Secret) to avoid NPE in case Secret is null. Or if you really know what you are doing, use the getPlainText() method.
static String	toString(Secret s) Works just like toString() but avoids NPE when the secret is null.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Detail

toString

public String toString()

Deprecated. as of 1.356 Use toString(Secret) to avoid NPE in case Secret is null. Or if you really know what you are doing, use the getPlainText() method.

Obtains the secret in a plain text.

Overrides:

toString in class Object

See Also:

getEncryptedValue()

getPlainText

public String getPlainText()

Obtains the plain text password. Before using this method, ask yourself if you'd be better off using toString(Secret) to avoid NPE.

equals

public boolean equals(Object that)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

getEncryptedValue

public String getEncryptedValue()

Encrypts value and returns it in an encoded printable form.

See Also:

toString()

decrypt

public static Secret decrypt(String data)

Reverse operation of getEncryptedValue(). Returns null if the given cipher text was invalid.

getCipher

public static Cipher getCipher(String algorithm)
                        throws GeneralSecurityException

Workaround for JENKINS-6459 / http://java.net/jira/browse/GLASSFISH-11862 This method uses specific provider selected via hudson.util.Secret.provider system property to provide a workaround for the above bug where default provide gives an unusable instance. (Glassfish Enterprise users should set value of this property to "SunJCE")

Throws:

GeneralSecurityException

fromString

public static Secret fromString(String data)

Attempts to treat the given string first as a cipher text, and if it doesn't work, treat the given string as the unencrypted secret value.

Useful for recovering a value from a form field.

Returns:

never null

toString

public static String toString(Secret s)

Works just like toString() but avoids NPE when the secret is null. To be consistent with fromString(String), this method doesn't distinguish empty password and null password.