Use passwords variables in a Remote Script task

NOTE: This technique is no longer necessary starting in release 9.7. Passwords can be used in remote scripts if ‘Allow passwords in all fields’ is checked on the release properties tab.

Release prevents the improper usage of passwords by allowing password type variables to be used only in password fields.

If you try to use a password type variable in a non-password field of a task, the task will fail and the “Ensure that global variables are defined, password variables are only used in password fields, and other variables are only used in non-password fields.” error is shown.

However, you can use and mask passwords in custom script tasks like the Jenkins task, Jython Script task, or the Remote Script task.

If you want to enable the use of password values in non-password fields of a custom script task, use the “Allow passwords in all fields” checkbox in release or template properties.

To learn how to disable the default encryption in a custom script task such as a Jython script task, see security in Jython scripts.

This topic describes a simple method to use a password in a custom Remote Script task.

Adding a password variable and a token

  1. In the synthetic.xml file, modify an existing task type. This code snippet extends the Remote Script task type by adding a new customPassword property and changes the location of the python script of the Remote Script task.

    <type-modification type="remoteScript.RemoteScript">
        <property name="customPassword" kind="string" password="true" category="input"/>
        <property name="scriptLocation" hidden="true" default="remoteScript/" />

    Important: You must you restart your Release server every time you make a change to the synthetic.xml file.

  2. Add a new Remote Script task.
  3. In your custom remote script, define a token for the password you want to use (For example [PASSWORD]).


  4. In the new Custom Password field, switch to variable and then select a password type variable from the drop down list.


  5. Create the new Python script file, for example, and save it in XL_RELEASE_SERVER_HOME/ext/remoteScript.

    For the Remote Script task, go to XL_RELEASE_SERVER_HOME/lib and in the xlr-remotescript-plugin file you can find the remoteScript folder containing the file. Copy the contents of the python file to the new file.

  6. To replace the [PASSWORD] token in your custom script from the Remote Script task with the value in the customPassword variable, add the following code in the file:

    import string
    updatedScript = string.replace(script, '[PASSWORD]', customPassword)
    task.pythonScript.setProperty('script', updatedScript)  
  7. To mask the value of the password add this line in the file:

    output = string.replace(output, customPassword, '********')

    Here is a sample file:

    import sys
    from com.xebialabs.xlrelease.plugin.overthere import RemoteScript
    # Replace password in script
    import string
    updatedScript = string.replace(script, '[PASSWORD]', customPassword)
    task.pythonScript.setProperty('script', updatedScript)
    # Execute script
    script = RemoteScript(task.pythonScript)
    exitCode = script.execute()
    output = script.getStdout()
    err = script.getStderr()
    # Mask password
    output = string.replace(output, customPassword, '********')
    if (exitCode == 0):
        print output
        print "Exit code "
        print exitCode
        print "#### Output:"
        print output
        print "#### Error stream:"
        print err
        print "----"
  8. Open the Remote Script task and fill in all the required fields.
  9. Create a new release.
  10. Specify the password you want to use, and then start the release. You will see the output of the script task: