0

We are using Jenkins Freestyle Project to push the changes on the remote server. We are executing shell script on remote host using ssh for it. To pull the changes on the remote server, we are using origin url with git username and git password. The credentials should not be visible in plain text in the url that's why we have stored them in variables using 'secret text(s) or file(s)' option of 'Build Environment'.

The git credentials are not visible to the users who are using Jenkins for other projects but the remote server is showing git credentials in plain text. Any user with ssh access of the remote server is able to run the git reflog command in the project directory.

Port 22 cannot be opened on the server where gitlab is deployed so we cannot use ssh keys method to create the build in Jenkins. We can use only http method to pull the changes.

Is there any way so we could implement to avoid showing the git credentials in plain text in the project directory.

Derek
  • 79
  • 1
  • 6

1 Answers1

0

You can turn off saving reflogs by setting the following option in the remote git repository:

[core]
  logAllRefUpdates = 0

Note, that this is usually off by default, so the fact that your reflogs are saved means that somewhere it's been turned on.

Then you can delete the logs directory in the git repository where these logs are stored.

mricon
  • 6,238
  • 22
  • 27