Use secretTextarea for SSH key UI

[jvz]

Using the backport from jenkinsci/jenkins#3967

This replaces the textarea form input for SSH keys with a new custom editor for multiline secrets. See the above PR for screenshots.

[MarkEWaite]

Does this mean that I will no longer be able to copy the private key from the credential editing page? I've liked that a lot in the past to confirm the private key text is correct and complete.

[daniel-beck]

confirm the private key text is correct and complete

Just "replace" it with the one you know is correct?

[jvz]

Does this mean that I will no longer be able to copy the private key from the credential editing page? I've liked that a lot in the past to confirm the private key text is correct and complete.

Right, that does mean that. I wonder if adding a sort of fingerprint to the UI would be nice.

[jeffret-b]

Does this mean that I will no longer be able to copy the private key from the credential editing page? I've liked that a lot in the past to confirm the private key text is correct and complete.

Yes, that's what it means. From the user perspective, the key becomes kind of write-only.

It is easier to be able to view the key, as it has been, but it's not very good security practice. See for example how GitHub or AWS handles keys like this. Unfortunately security can be inversely proportional to productivity, as it kind of is in this case.

[jeffret-b]

I wonder if adding a sort of fingerprint to the UI would be nice.

That would be a nice follow-up enhancement. I like how some other systems do that.

[jvz]

The fingerprinting especially makes sense if the underlying secret is a crypto key that has a well-defined fingerprint. Otherwise, we could provide something like a SHA-256 hash of the data or something.

[MarkEWaite]

Understood that it is poor security practice to show me the contents of the private key. Thanks for the clarification.

If in some future version you decide to display something like a checksum, it might be nice to consider showing the "asciiart" which is displayed by the command ssh-keygen -l -v -f ~/.ssh/id_ed25519. It produces output like this:

256 SHA256:AgNX5IxQQf5qAp8xFPcMhtsVT9TFQeuVPvMXh3nvy+o mwaite@mark-pc2 (ED25519)
+--[ED25519 256]--+
|  ++O++oo. ++.   |
|  .O B.o  . .. . |
|  .o=.= .   . o  |
| .. .+     . o o |
|. o   o S   . *.o|
| o + . .       =+|
|  + o           +|
|   o          ...|
|            .E.oo|
+----[SHA256]-----+

[jvz]

Ooh, that'd be a cool idea.

[Wadeck]

🐝

Perhaps seems interesting to describe the problem + create ticket?

[jvz]

Created https://issues.jenkins-ci.org/browse/JENKINS-56940 for the UI improvement.

[jglick]

Some sort of javadoc failure, not sure offhand what it means.