Masking sensitive data for Jenkins server by Mask Passwords plugin
#jenkins#linux#devops
Tran Huynh An Duy (Andy)

Tran Huynh An Duy (Andy) @andylovecloud

About: I’m moving into DevOps and Cloud Engineering after more than 10 years in IT operations. I enjoy leading teams, working with people from different backgrounds, keeping communication clear and simple.

Location:
Hämeenlinna, Finland
Joined:
Nov 24, 2025

Masking sensitive data for Jenkins server by Mask Passwords plugin

Publish Date: Dec 18 '25
0 0

Overview

The purpose of these activities is to implement the automatic masking of passwords or other information from build parameters.

1. Current situation

During the pipeline build process, the sensitive data (userID or password,...) is usually embedded or included in the script. This information can be exposed by checking the Console Output after running the job.

Example-situation

2. Solution

2.1 Installation Mask Passwords plugin:

From the Jenkins dashboard, go to Manage Jenkins → Plugins → Available plugins → type "Mask Passwords" in the search bar → select the check box and click Install.

Plugin installation

Then remember to select the checkbox "Restart Jenkins when installation is complete and no jobs are running".

Restart

2.2 Configure the plugin:

After the installation is completed, select the job you would like to implement the masking on → then click Configuration *→ **Environment *→ **select Mask password and regexes → Define variables with values you would like to do the masking.

installed

Go to Build steps → replace the variables above in the execute script.

Build steps

Then run the test again and compare the differences.

Result

Reference

Mask Passwords | Jenkins plugin

Video about Mask credentials in Jenkins from console output

Comments 0 total

    Add comment