Using Password Variable in Jython Script Task

Password variable can only be used in password fields otherwise it will throw an error as below

The task could not start because the following variables could not be replaced: ${pass}. Ensure that global and folder variables are defined, there is no circular references, password variables are only used in password fields, and other variables are only used in non-password fields.

Follow this doc as a guide to use the password in the non-password field
https://docs.xebialabs.com/v.9.6/release/how-to/passwords-in-remote-scripts/

Another most popular question is using the password variable in Jython script task:
As of the current version (July 2020) by default scripting, sandbox security is enabled
Here is some info to disable and decrypt the password
https://docs.xebialabs.com/v.9.6/release/how-to/create-a-jython-script-task/#security-and-jython-script-tasks

You could decrypt the password in your Jython scripts but I would recommend using that in a plugin instead of a Jython script so that it is hidden from the users. You could also plan to restrict the Jython script task to only a limited set of users if you have to use this method in the Jython script task.
Check out this code snippet to decrypt
https://docs.xebialabs.com/v.9.6/release/how-to/store-encrypted-passwords/#using-the-password-in-an-integration-plugin

Hi, can you expand on how to decrypt a password in a python script? How do I use this PasswordEncrypter mentioned in the last link? When I tried to import it or use it in a python script task I get ’ No module named PasswordEncrypter’.

Thanks.

You can only use the PasswordEncrypter in a custom task from a plugin, , not in an inline Jython Script Task.

See https://docs.xebialabs.com/v.9.6/release/how-to/create-custom-task-types/ on how to create a custom task type.

Hope this helps

Hes Siemelink

If you can avoid using a password in the Jython script task, please do as it can be a security risk. I would recommend creating a plugin/integration to avoid.
Use this doc to enable password decryption or disable the sandbox security to access all the restricted lib. https://docs.xebialabs.com/v.9.6/release/how-to/create-a-jython-script-task/#security-and-jython-script-tasks
Here is the solution to your problem:
Jython script task

from com.xebialabs.deployit.util import PasswordEncrypter
mypass = globalVariables['global.pass']
print mypass
clearPassword = PasswordEncrypter.getInstance().decrypt(mypass)
print clearPassword

pass is my global password variable
incase using regular pass variable

mypass = releaseVariables[‘pass’]

Note: Use wisely and recommended advice will always be creating a plugin as Hes mentioned above.

Thank you both. Custom tasks are easy enough, I will do that. Good to know how to do it in a script task though, as a fallback option.

Thanks.

@gsajwan , thanks for this topic, this gives me good understanding of how to deal with passwords in scripts. You mentioned “You could also plan to restrict the Jython script task to only a limited set of users if you have to use this method in the Jython script task”. Can you please elaborate on this, so far i can not find a way to restrict access to individual tasks, the permissions are for all the tasks within a release, that I have understood so far. So, my question is, is there a way I can allow users to view/transition certain tasks within Release flow, and restrict them from not being able to view/transition certain other tasks?


You can control access to individual role here