Skip to main content

Jenkins Utils

Project description


Implements some jenkins utils in python way.


jenkins-utils does not support plain-credentials, ssh-credentials plugins, so there’s no option to encrypt/decrypt these data yet.


  • Python 3.4+
  • pycrypto (non windows systems)
  • pycryptodomex (windows)


Does not work automatically on python-3.7 and Windows due to inavailability to build pycrypto module on host system, however any of installed pycrypto/pycryptodomex modules are supported on any os/platform.


Currently there’s encrypt/decrypt operations implemented and gathered in convenient and python developer friendly form.

As an example you an decrypt (or encrypt) message using Jenkins’s master and hudson secret keys:

$ python --master-key master.key --hudson-secret-key hudson.util.Secret \
                   --action decrypt "{AQAAABAAAAAgd+820Q6QR4ABkf3JpXHacuO3zdj11o8JD/6VIJi8XjS9GJJyWquIYbNokyKKsIfN}"

this is simple text to encrypt

$ python --master-key master.key --hudson-secret-key hudson.util.Secret \
                   --aes-type cbc --action encrypt "this is simple text to encrypt"


  • Master key is located at $JENKINS_HOME/secrets/master.key
  • Hudson key is located at $JENKINS_HOME/secrets/hudson.util.Secret

Advanced use

#!/usr/bin/env python3
import sys
import base64
import argparse
from lxml import etree
from jenkins.utils import Secret

def decrypt(opts):
    master_key = open(opts.master_key, 'rb').read()
    hudson_secret_key = open(opts.hudson_key, 'rb').read()
    secret = Secret(
        master_key=master_key, hudson_secret_key=hudson_secret_key
    credentials = etree.fromstring(
        open(opts.credentials, 'rb').read()
    for node in credentials.xpath('//com.cloudbees.plugins.credentials.'
        username, *_ = node.xpath('./username/text()')
        password_encoded, *_ = node.xpath('./password/text()')
        password = base64.decodebytes(password_encoded.encode('utf-8'))
            "Encrypted (username:password): ({}:{})".format(
                username, secret.decrypt(password)

def main():
    parser = argparse.ArgumentParser()
    parser.add_argument('-c', '--credentials', dest='credentials',
                        required=True, help='jenkins credentials.xml file')
    parser.add_argument('-m', '--master-key', dest='master_key',
                        help='jenkins secrets master.key file', required=True)
    parser.add_argument('-H', '--hudson-secret-key', dest='hudson_key',
                        help='jenkins secrets hudson.util.Secret file')
    options = parser.parse_args()

if __name__ == '__main__':
$ python -c credentials.xml -m master.key -H hudson.util.Secret

Encrypted (username:password): (scm-bot:W9CA6qTajV)
Encrypted (username:password): (artifactory-bot:vB9V9BtPN4)
Encrypted (username:password): (git-bot:V32c5S8TnHCvmfr)
... and so on

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

jenkins-utils-0.1.2.tar.gz (9.4 kB view hashes)

Uploaded source

Built Distribution

jenkins_utils-0.1.2-py3-none-any.whl (9.6 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page