Set up the Conjur-Jenkins integration

This section describes all configuration requirements for the Conjur-Jenkins integration. It includes Conjur policy requirements, SSL certificate preparation, and Jenkins Conjur Secrets plugin configuration.

There are many possible ways to use the Conjur Secrets plugin. These instructions provide guidelines for getting started.

For a fully interactive tutorial on securing Jenkins pipelines using Conjur and credentials plugins, see Securing Jenkins Freestyle project using Conjur.

Prerequisites

The following prerequisites are assumed:

  • You have a fully operational Conjur Server configured and running.

  • You have a fully operational Jenkins host configured and running.

    The minimum supported version of the Jenkins plugin is 2.32.1.

Install the Conjur Secrets plugin

This section describes how to install the Conjur Secrets plugin for the integration.

To install the plugin:

  1. Access and install the plugin from:

    • Jenkins's Plugin Manager area - requires an administrator account

    • Jenkins Plugins Index website. Search for the Conjur Secrets plugin and install the relevant release (from the Releases tab).

  2. Restart Jenkins.

  3. Continue with Configure the Conjur-Jenkins integration.

Configure the Conjur-Jenkins integration

This section describes how to configure the Conjur-Jenkins integration.

Usage

This section describes how Jenkins pipeline code and projects access secrets stored in Conjur through the Jenkins plugin.

Jenkins pipeline code

To reference Conjur secrets in a Jenkins pipeline, use withCredentials and the symbol conjurSecretCredential.

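Here is an example showing how to fetch the secret from a Jenkins job pipeline definition.

node {
  stage('Build') {
    sh './bin/build'
  }

  stage('Publish') {
    // Bind the Conjur secret to DOCKER_PASSWORD for the duration of this block only.
    withCredentials([conjurSecretCredential(credentialsId: 'docker/password',
      variable: 'DOCKER_PASSWORD')]) {
        // Single-quoted so the shell, not Groovy, expands the variable; the
        // password is passed on stdin rather than on the command line.
        sh 'echo "$DOCKER_PASSWORD" | docker login -u dockeruser --password-stdin registry.mysite.com'
        sh 'docker push registry/myimage:tag'
    }
  }
}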

Jenkins Freestyle projects

To bind to Conjur secrets, use the option Use secret text(s) or file(s) in the Build Environment section of a Freestyle project. Secrets are injected as environment variables into the build steps of the project.

The following image shows an example configuration.
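
As an added example (not part of the original documentation or the plugin's own code), the following "Execute shell" build step consumes a secret bound this way without echoing it or placing it on a command line. It assumes the binding variable is named DOCKER_PASSWORD and reuses the sample user, registry and image names from the pipeline example; the function names and the RUN_PUBLISH switch are hypothetical.

```shell
#!/bin/sh
# Added example: "Execute shell" build step for a Freestyle project.
# Assumption: the Build Environment binding exposes the Conjur secret as
# DOCKER_PASSWORD. Function names and RUN_PUBLISH are hypothetical.

# Jenkins starts shell build steps with "sh -xe" by default; turn tracing off
# so expanded commands (and any secret in them) are not echoed to the console.
set +x

# Return 0 only if the named variable is set and non-empty.
# Fails closed and never prints the value.
require_secret() {
  eval "_val=\${$1:-}"
  if [ -z "$_val" ]; then
    echo "secret binding $1 is missing or empty" >&2
    unset _val
    return 1
  fi
  unset _val
  return 0
}

# Log in with the password on stdin so it never appears in the process list.
# $1 = registry user, $2 = registry host
registry_login() {
  require_secret DOCKER_PASSWORD || return 1
  printf '%s' "$DOCKER_PASSWORD" |
    docker login -u "$1" --password-stdin "$2"
}

# Log in, drop the secret from the shell so later commands in this step
# cannot read it, then push. $3 = image reference
publish_image() {
  registry_login "$1" "$2" || return 1
  unset DOCKER_PASSWORD
  docker push "$3"
}

# Entry point, run only when the step opts in (keeps the functions sourceable).
if [ "${RUN_PUBLISH:-0}" = 1 ]; then
  publish_image dockeruser registry.mysite.com registry/myimage:tag
fi
```

Set RUN_PUBLISH=1 in the build step to run the publish; if the secret binding is missing, the step fails before any docker command is invoked.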