
> As a side note it also shows that Jenkins tends to be a tempting target for attackers as it often has access to a wide range of systems to carry out its functions.

This. I'd really love to stop us using Jenkins but none of the hosted macOS CI services scale to meet our needs (i.e. having jobs that run for multiple hours on better hardware). The ideal solution for me would be for us to have some sort of modified Travis or Circle CI setup. We can even pay for it now we've got Patreon money coming in.



Jenkins is not the problem, we have quite a few secured instances which wouldn't leak secrets like this, or at least not to non-admin or unauthenticated users.

It's just often misconfigured because there are a plethora of plugins and ways to store and use secrets, and nobody audits it enough to look at the console output or build artifacts for leaked secrets.

The project is simply missing someone familiar enough to configure Jenkins properly.


> The project is simply missing someone familiar enough to configure Jenkins properly.

I would say that this is a specific case of the far more general one. Substitute "any small organization" for "the project" and substitute any configuration familiarity (i.e. Ops skill) for Jenkins configuration familiarity.

Even in "Devops" job postings for startups, when mentioning CI/CD tools like Jenkins, the main desire seems to be to hire someone who's more Dev than Ops, to create the code to run the CI/CD pipeline, with something like configuration or security a mere afterthought, if that.


Have you looked at Buildkite[0]? The management/pipeline part is hosted (like Travis), but you run the build agents on your own infrastructure (they run on pretty much everything, including macs).

Not affiliated, just a happy user.

[0] http://buildkite.com


This looks really interesting, will take a look, thanks.


I can confirm that buildkite is a fantastic replacement for jenkins.

- pipelines stored in source control

- hosted on your own servers (with easy one click setup in AWS if you're too busy for all that)

- excellent cloud hosted UI

Also not affiliated, just a happy user who replaced a large jenkins setup where I work with buildkite.


Why not use that Patreon money to pay someone to set up Jenkins for you the right way?


Yeah. Let’s just blow the entire month’s budget on a single day of consulting. And I’m sure one day is all they would need to understand the workflow requirements of the team, implement and configure it and test it. That seems reasonable.



