List All Configured Passwords and Secrets in Jenkins

Sometimes, like when you want to migrate an old Jenkins to a new one and you don't know or remember all the configured passwords, secrets and signing keys, there's a simple way to get them.

First, log in to Jenkins, then head over to https://jenkins.example.com/script

In the text area, you can enter Groovy code and to get all the stored secrets, you can enter:

com.cloudbees.plugins.credentials.SystemCredentialsProvider
.getInstance()
.getCredentials()
.forEach {
  println it.dump().replace(' ', '\n')
}

That's it, you can now got all the credentials. For secrets, like private SSH keys, you'll need to inspect the specific objects further (or in general, anything that doesn't have a sane toString() method that dump() calls, like:

privateKeySource=com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$DirectEntryPrivateKeySource@739ab83

If you don't have login access to Jenkins, but Unix access to the machine it's running on, you can instead poke in /proc/<pid> when a job using one of the credentials you're interested in. You can then see all the environment variables it has access to with:

$ cat /proc/<pid>/environ | tr '\0' '\n'

Happy snooping!

~ /home 🏠 ~ talks 💬 ~ bash ~ craftsmanship ~ db ~ dongxi ~ emacs ~ escenic ~ iam ~ java ~ js ~ language ~ latex ~ ldap ~ life ~ linux ~ llm ~ mac-os-x ~ mt-foo ~ network ~ norsk ~ python ~ quotes ~ running ~ security ~ travel ~ unix ~ various ~ vcs ~ webdesign ~ windows ~ discoveries ~ cv 🧙 ~
Licensed under CC BY Creative Commons License ~ 📡 RSS feed ~ ✉ torstein.k.johansen @ gmail ~ 🐘 @skybert@hachyderm.io ~ 🎥 youtube.com/@skybert