Use newer jelly tag for direct keys #59
Comments
|
@Casz Thanks for pointing this out. Is this a situation where it would be appropriate to blacklist the 0.8 release after releasing this fix? |
|
it could be: see jenkins-infra/update-center2#263 for an example of this 😓 |
|
Can you explain the utility/security that this provides over an invisible entry? We already don't render these keys, and it is still possible to view the encoded secret with secretTextarea through inspect element. |
|
The one use I could see would be directly inputting a secret without uploading a file |
|
Ya, it is meant for direct key entries, sorry if that wasn't clear 👍 |
|
See screenshots at jenkinsci/jenkins#3967 |
|
Thanks for clarifying, I'm glad this is a feature request and not a security concern. Support for direct input would be interesting, although I think it might require more thinking into how to integrate that with the existing file upload UI elements. |
Use the new jelly tag
secrettextareaSee for usage
jenkinsci/ssh-credentials-plugin#40
The text was updated successfully, but these errors were encountered: