Jenkins Decrypt API Token
I am using Jenkins with DC / OS (Mesos) and the service does not have a standard login, but uses Mesos / Zookeeper for authentication instead. I can access JENKINS_HOME and have config files for each user. I can see config.xml and also see secret.key. I found this code:
https://github.com/abrindeyev/jenkins-helpers/blob/master/bin/get_api_token.rb
whose purpose is to decode Jenkins API Token from config. However, when I run this, I get the following error:
/root/decrypt_api.rb:28:in `final': wrong final block length (OpenSSL::Cipher::CipherError)
from /root/decrypt_api.rb:28:in `decrypt'
from /root/decrypt_api.rb:35:in `<main>'
Here's an example of Token and Key (from a Docker Jenkins test container):
Cipher in config.xml file:
<jenkins.security.ApiTokenProperty>
<apiToken>{AQAAABAAAAAwrkIhJkGOx+QkqgJ/Ep8NhecxeWcqAs78RI9v5kr8y1FSCJBA4YFHrneQGxmetsj3/xSywFRXItIbtuCufWR6ng==}</apiToken>
</jenkins.security.ApiTokenProperty>
The secret key:
bdafc86eae946c35ca57d3af02a82b733741d59e1eca44e0a3f7ef0b8f25f8e6
How can I decode the token using encryption and key?
source to share
go to http: // jenkins-host / script
hashed_pw='your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J' passwd = hudson.util.Secret.decrypt(hashed_pw) println(passwd)
it should decrypt your token
source to share
You can decode Jenkins token by going to the Script Console in your master node (or navigate to /script
), then run the following command:
println(hudson.util.Secret.decrypt("{XXX=}"))
Note. Replace with {XXX=}
your symbolic string.
To decrypt it without using Jenkins, check out these scripts :
tweksteen/jenkins-decrypt
, menski/jenkins-decrypt.py
.
on this topic:
source to share