Please note that this tutorial is based on the official Conjur tutorial at https://docs.conjur.org/Latest/en/Content/Integrations/jenkins.htm, modified for the Katacoda platform.
In this tutorial, you will learn how to secure Jenkins pipelines using Conjur & credentials plugins.
The Conjur Jenkins plugin retrieves secrets from Conjur for use in Jenkins pipeline scripts or Freestyle projects.
The conjur-credentials-plugin makes secrets stored in an existing Conjur database available to Jenkins jobs. Jenkins jobs can authenticate to Conjur and access specific secret values for which they have authorization. You store and manage the secrets in Conjur.
We provide the plugin binary, which you install and configure on your Jenkins host.
On the Conjur side, policy defines the Jenkins host and gives it privileges to access Conjur. Conjur policy also defines the variables that will hold the secret values and authorizes Jenkins to access them. The secret values are loaded and managed in Conjur. Policy is also used to set up automatic rotation for supported variables.
When all configurations are in place, Jenkins scripts and projects simply reference the variable using the configured Jenkins ID.
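As an added illustration of the policy described above (not taken from the original tutorial or from the Conjur project), the following sketch defines a Jenkins host identity, a variable, and a least-privilege grant between them. All ids (`ci-jenkins`, `jenkins-master-01`, `ci-app`, `db_password`, `secrets-users`) are hypothetical names chosen for this example.

```yaml
# Added example: Conjur policy sketch. All ids below are hypothetical.

# 1. Identity for the Jenkins host. The host authenticates to Conjur
#    with its own API key; no human credentials are shared with it.
- !policy
  id: ci-jenkins
  body:
    - !layer                      # layer id defaults to the policy id
    - !host jenkins-master-01
    - !grant
      role: !layer
      member: !host jenkins-master-01

# 2. The variable that will hold the secret value, plus a group that
#    is allowed to fetch it. The value itself is loaded separately and
#    never appears in policy.
- !policy
  id: ci-app
  body:
    - &variables
      - !variable db_password
    - !group secrets-users
    - !permit
      resource: *variables
      # read = see that the variable exists, execute = fetch its value.
      # "update" is deliberately omitted: Jenkins can consume the secret
      # but cannot change it.
      privileges: [ read, execute ]
      roles: !group secrets-users

# 3. Entitlement: the Jenkins layer becomes a member of the group.
#    Revoking this single grant cuts off Jenkins' access to every
#    variable in ci-app without touching the Jenkins configuration.
- !grant
  role: !group ci-app/secrets-users
  member: !layer ci-jenkins
```

With a policy of this shape, the Jenkins host can fetch only `ci-app/db_password`; any other variable in Conjur is denied to it by default.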
The Conjur Jenkins integration provides the following advantages to Jenkins DevOps administrators:
- Security. Secret values are stored and obtained securely. Secrets are not exposed in Jenkins jobs or referenced files.
- Central management. Secrets are managed in a central location, either in Conjur or in the CyberArk Vault if you are using the Vault Conjur Synchronizer.
- Automatic rotation. Secret value rotations are recommended for security. Conjur handles rotation so that no changes are required on the Jenkins side.
- Segregation of duties. Jenkins DevOps administrators are isolated from secrets management.
- Segregation of duties. The plugin supports Jenkins scripts or projects. It supports global or folder-specific configurations.
- Simplification. The plugin simplifies Jenkins job and project creation by requiring only a reference ID to a secret.
- Familiarity. The plugin is configured using the Jenkins UI, a familiar interface for Jenkins users.
Securing Jenkins Freestyle project using Conjur
The following prerequisites are provided for you. They are being powered on.
- Jenkins (port 8081) https://[[HOST_SUBDOMAIN]]-8081-[[KATACODA_HOST]].environments.katacoda.com/
- Target Web System (port 80) https://[[HOST_SUBDOMAIN]]-80-[[KATACODA_HOST]].environments.katacoda.com/
- Conjur (port 8080) https://[[HOST_SUBDOMAIN]]-8080-[[KATACODA_HOST]].environments.katacoda.com/
They are all run as containers.
To verify, execute
Does the response not look similar? Don't worry, please give the containers a moment to start. You can retry the above command at any time.