Jenkins
The Jenkins Conjur Secrets plugin retrieves secrets from Conjur for use in Jenkins pipeline code or Freestyle projects. Jenkins jobs can authenticate to Conjur and access specific secret values for which they have authorization. You store and manage the secrets in Conjur.
How does it work?
On the Jenkins side, you install the Conjur Secrets plugin and configure it on your Jenkins host.
On the Conjur side, you load Conjur policy that defines the following:
- One or multiple Jenkins hosts. For example, you might define separate hosts for each Jenkins pipeline.
- Privileges for those hosts to authenticate to Conjur.
- Conjur variables that hold the secrets. Those secrets are loaded and managed in Conjur. For supported variable types, policy can define automatic rotation.
- Privileges for Jenkins hosts to access the variables.
When all configurations are in place, Jenkins pipelines and projects reference a Conjur variable using a configured Jenkins ID.
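The four policy elements listed above could look like the following Conjur policy. This is an added example, not taken from the Conjur documentation or the plugin. The policy id `jenkins`, the host and variable names, and the `authn-jwt` service id `jenkins` are assumptions, and the JWT authenticator webservice is assumed to be defined already in its own policy.

```yaml
# Added example (constructed names throughout).
- !policy
  id: jenkins
  body:
    # A layer groups the Jenkins hosts so privileges are granted once.
    - !layer

    # One host per pipeline keeps each pipeline's access separately revocable.
    - !host pipeline-frontend
    - !host pipeline-backend

    - !grant
      role: !layer
      members:
        - !host pipeline-frontend
        - !host pipeline-backend

    # Variables that hold the secrets; values are loaded and managed in Conjur.
    - &jenkins-variables
      - !variable db/username
      - !variable db/password

    # Least privilege: hosts may see and fetch the variables, not update them.
    - !permit
      role: !layer
      privileges: [ read, execute ]
      resource: *jenkins-variables

# Privilege to authenticate. Assumes a JWT authenticator with the
# hypothetical service id "jenkins" exists as conjur/authn-jwt/jenkins.
- !permit
  role: !layer jenkins
  privileges: [ read, authenticate ]
  resource: !webservice conjur/authn-jwt/jenkins
```

Granting only `read` and `execute` means a compromised Jenkins job can fetch the secrets it is entitled to but cannot change their values or reach variables outside the `jenkins` policy.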
Benefits
The Conjur-Jenkins integration provides the following advantages to Jenkins DevOps administrators:
| Advantage | Description |
|---|---|
| Security | Secret values are stored and obtained securely. Secrets are not exposed in Jenkins jobs or referenced files. |
| Central management | Secrets are managed in a central location, either in Conjur or in the CyberArk Vault if you are using the Vault Conjur Synchronizer. |
| Automatic rotation | Secret value rotations are recommended for security. Conjur handles rotation so that no changes are required on the Jenkins side. |
| Segregation of duties | The plugin isolates Jenkins DevOps administrators from secrets management. |
| Flexibility | The plugin supports Jenkins scripts or projects. It supports global or folder-specific configurations. |
| Simplification | The plugin simplifies Jenkins job and project creation by requiring only a reference ID to a secret. |
| Familiarity | You configure the plugin using the Jenkins UI, a familiar interface for Jenkins users. |
Configuration
To set up the Conjur-Jenkins integration, see Set up the Conjur-Jenkins integration.
For JWT authentication support, see the Jenkins Conjur Secrets plugin documentation.