Jenkins

The Jenkins Conjur Secrets plugin retrieves secrets from Conjur for use in Jenkins pipeline code or Freestyle projects. Jenkins jobs can authenticate to Conjur and access specific secret values for which they have authorization. You store and manage the secrets in Conjur.

How does it work?

On the Jenkins side, you install the Conjur Secrets plugin, and configure on your Jenkins host.

On the Conjur side, you load Conjur policy that defines the following: 

  • One or multiple Jenkins hosts. For example, you might define separate hosts for each Jenkins pipeline.
  • Privileges for those hosts to authenticate to Conjur.
  • Conjur variables that hold the secrets. Those secrets are loaded and managed in Conjur. For supported variable types, policy can define automatic rotation.
  • Privileges for Jenkins hosts to access the variables.

When all configurations are in place, Jenkins pipelines and projects reference a Conjur variable using a configured Jenkins ID.

Benefits

The Conjur-Jenkins integration provides the following advantages to Jenkins DevOps administrators:

Advantage

Description

Security

Secret values are stored and obtained securely. Secrets are not exposed in Jenkins jobs or referenced files.

Central management

Secrets are managed in a central location, either in Conjur or in the CyberArk Vault if you are using the Vault Conjur Synchronizer.

Automatic rotation

Secret value rotations are recommended for security. Conjur handles rotation so that no changes are required on the Jenkins side.

Segregation of duties

The plugin isolates Jenkins DevOps administrators from secrets management.

Flexibility

The plugin supports Jenkins scripts or projects. It supports global or folder-specific configurations.

Simplification

The plugin simplifies Jenkins job and project creation by requiring only a reference ID to a secret.

Familiarity

You configure the plugin using the Jenkins UI, a familiar interface for Jenkins users.

Configuration

To set up the Conjur-Jenkins integration, see Set up the Conjur-Jenkins integration.

For JWT authentication support, see the Jenkins Conjur Secrets plugin documentation.