Jenkins Decrypt API Token

Question

Jenkins Decrypt API Token

I am using Jenkins with DC / OS (Mesos) and the service does not have a standard login, but uses Mesos / Zookeeper for authentication instead. I can access JENKINS_HOME and have config files for each user. I can see config.xml and also see secret.key. I found this code:

https://github.com/abrindeyev/jenkins-helpers/blob/master/bin/get_api_token.rb

whose purpose is to decode Jenkins API Token from config. However, when I run this, I get the following error:

/root/decrypt_api.rb:28:in `final': wrong final block length (OpenSSL::Cipher::CipherError)
from /root/decrypt_api.rb:28:in `decrypt'
from /root/decrypt_api.rb:35:in `<main>'

Here's an example of Token and Key (from a Docker Jenkins test container):

Cipher in config.xml file:

<jenkins.security.ApiTokenProperty>
<apiToken>{AQAAABAAAAAwrkIhJkGOx+QkqgJ/Ep8NhecxeWcqAs78RI9v5kr8y1FSCJBA4YFHrneQGxmetsj3/xSywFRXItIbtuCufWR6ng==}</apiToken>
</jenkins.security.ApiTokenProperty>

The secret key:

bdafc86eae946c35ca57d3af02a82b733741d59e1eca44e0a3f7ef0b8f25f8e6

How can I decode the token using encryption and key?

+3

encryption aes jenkins

Ken J June 22. 17 at 20:17

source to share

2 answers

Most Wanted · Answer 1 · 2017-11-29T14:06:32+0000

go to http: // jenkins-host / script

hashed_pw='your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J'
passwd = hudson.util.Secret.decrypt(hashed_pw)
println(passwd)

it should decrypt your token

kenorb · Answer 2 · 2017-12-20T19:48:40+0000

You can decode Jenkins token by going to the Script Console in your master node (or navigate to /script

), then run the following command:

println(hudson.util.Secret.decrypt("{XXX=}"))

^{Note. Replace with {XXX=}

your symbolic string.}

To decrypt it without using Jenkins, check out these scripts : tweksteen/jenkins-decrypt

, menski/jenkins-decrypt.py

.

on this topic:

Jenkins Decrypt API Token

More articles: