How To: Decrypt and accept encryption password in Release scripts


Below are an example decryption script and steps to create it.

Applicable to

Release version 9.7 as stated in Release Note (ENG-261)

Example of a decryption script

from com.xebialabs.deployit.util import PasswordEncrypter
mypass = globalVariables['global.pass']
print mypass
clearPassword = PasswordEncrypter.getInstance().ensureDecrypted(mypass)
print clearPassword

Steps to Follow

To allow the script task able to accept and decrypt the encrypted password, please follow the guideline below:

  1. Add these new lines in <Release>/conf/script.policy:
    permission "
    permission "
  2. Add these new lines in <Release>/conf/xl-release.conf: = ["importlib", "imp", "tempfile",
    "linecache", "shutil", "os", "getpass", "platform", "threading", "thread", "subprocess",
    "webbrowser", "cmd", "pdb", "bdb", "gc", "user", "code", "codeop", "zipimport", "pkgutil",
    "modulefinder", "runpy", "distutils", "compiler", "posix", "pwd", "grp", "posixfile",
    xl.repository.decryptPasswords=true = false
  3. In version 9.7 onward, passing encrypted password values has been restricted for creating and updating operations. To enable it only for script tasks, please apply the script below in <RELEASE_HOME>/conf/xl-release.conf:
    xl {
    security {
    accept-encrypted-secrets {
    enabled = true
  4. Restart Release

Extra Information

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.