Encrypted password in JiraJerseyClient

[timothyjmtan]

Hi,

Currently in our company we are using a common password for all enterprise applications. Such applications include assessing your payroll, JIRA, etc.

As you can imagine, it's not a very good idea to reveal this password, as a curious cat who may have your password ("for JIRA purposes only") has access to your payroll details.

In our usage of JiraJerseyClient we are connecting to JIRA. It is possible to watch an instantiated object to spy on the plaintext password. We have tried encrypting this password in our framework, but even then the object still reveals the decrypted password.

Is there a way to prevent plaintext passwords from showing at all?

[wakaleo]

A very good point. I don't have bandwidth to look at this at the moment, but https://github.com/serenity-bdd/serenity-jira/blob/master/serenity-jira-plugin/src/main/java/net/serenitybdd/plugins/jira/client/JerseyJiraClient.java is the class you would need to modify to integrate some form of encryption (I don't think it would be hard to do).

[timothyjmtan]

Cool, thanks! I'll take a look and raise a PR if I managed to fiddle with it.