Created
August 5, 2024 07:54
-
-
Save CapacitorSet/2e803fec918a4b01296029a4c2c6781a to your computer and use it in GitHub Desktop.
Revisions
-
CapacitorSet created this gist
Aug 5, 2024 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,24 @@ If you need an overview of what credentials Jenkins uses to clone repositories, you'll find that the Jenkins API is a bit convoluted. This is what I did instead: 1. From a Windows machine, access Jenkins as a UNC share and dump its contents: ```powershell Get-ChildItem -Path \\my-jenkins-instance\*\config.xml | ForEach-Object { $targetPath = "C:\Users\me\Desktop\jenkins\" + $_.Directory.Name + "_" + $_.Name; $_ | Copy-Item -Destination $targetPath -Force } ``` The output will be a zip file with XML files containing job configurations. The filename contains the project name (as that information is not otherwise contained in the XML file). 2. From Linux, unzip the archive and run one of: ```sh # To list which pipeline uses which credentials grep -R '<credentialsId>' # To list how often each credential occurs xmllint --xpath '//hudson.plugins.git.UserRemoteConfig' *xml* --format 2>/dev/null | sort | uniq -c | sort -hr # To list how often each (repo, credential) tuple occurs xmllint --xpath '//hudson.plugins.git.UserRemoteConfig/credentialsId' *xml* --format 2>/dev/null | sort | uniq -c | sort -hr ``` This only works for credentials used to clone git repos and doesn't detect uses of a credential in the pipeline definition (i.e. groovy file).