How to Manage Jenkins Secrets with Akeyless Vault

September 18, 2020

Featured article by Rafael Elcomarti, Independent Technology Author

Jenkins is an open-source automation platform that enables software build, test, and deployment by facilitating continuous integration and continuous delivery. It is widely considered an essential tool for achieving a DevOps model, automating phases of software delivery workflows through CI/CD pipelines.

At its core, Jenkins is a scripting engine at the center of a critical workflow, and like all workflow tools, it requires secrets (credentials, API keys, tokens) in order to connect to other resources, such as code repositories.

Securing secrets in Jenkins should be done in two ways:

- By not leaving secrets in plain text within Jenkins jobs, where they are susceptible to hacker attacks.
- Through access control, by authorizing a particular Jenkins job to access only the secrets it requires to complete its task.

With the Akeyless Vault integration, Akeyless Vault acts as a secrets management platform for Jenkins, provisioning secrets smoothly and securely into Jenkins jobs at run time.

The Akeyless Vault plugin for Jenkins adds a build wrapper that sets Jenkins environment variables from Akeyless Vault secrets. Because the Jenkins Master fetches secrets from Akeyless Vault and injects them into Jenkins Slaves, hard-coded secrets (like API keys, tokens, certificates, user credentials, etc.) no longer need to be saved within Jenkins.

FYI – Akeyless Vault is available either as SaaS or as a self-deployed solution, as required.

Benefits of Using a Centralized Secrets Management Solution

It is imperative for any organization to consistently provision secrets easily in a DevOps workflow without compromising security.

A secrets management platform like Akeyless Vault makes it operationally simpler to maintain compliance and to generate reports of secret access, with visibility into which secret was used, when, where, and by whom.

Operation-wise – Each DevOps tool, such as Jenkins, Ansible, Kubernetes, or any other, has its own secret manager/vault. For an organization with multiple such tools, managing multiple secret managers gets chaotic and equally risky. With Akeyless Vault’s centralized secrets management platform, an organization can not only manage multiple vaults easily but also benefit from a single source for authenticating into different applications and workflows simultaneously.

Audit-wise – Instead of auditing secrets of multiple tools’ secret managers, Akeyless Vault enables a centralized audit of all application secrets, thereby saving precious time and compliance hassle.

Functionality-wise – Most DevOps tools’ secrets platforms lack an implementation of a Zero-Trust strategy. Through a centralized secrets management platform like Akeyless, temporary credentials are created as Just-in-Time Secrets. This ensures that any playbook has on-demand access to a specific resource, and that this access ‘dies’ after the playbook completes its run, thereby enforcing a Zero-Trust strategy.

Security-wise – Through short-lived SSH certificates, a centralized secrets management platform like Akeyless provides enhanced security. Unlike SSH keys, SSH certificates have date ranges that enforce their automatic expiry, so in case of mistakes, misuse, or theft, the certificates still expire on their own.

How to Fetch a Secret with Akeyless Vault in Jenkins

Let’s go through the simple steps to fetch a secret in Jenkins.

1. Create an account with Akeyless (it’s free) by accessing the URL: Akeyless.io

2. In case you are a new user, create your first secret in Akeyless as shown below:

[Screenshot]

3. Start by clicking “Manage Jenkins”, then click “Manage Plugins”. Find the Vault plugin and click install. On the main page, click “New Item”, and then select “Freestyle project”. Go to “Build Environment”, check the “Vault Plugin”, add the vault URL, and click “Add” in “Vault Credential”:

[Screenshot]

4. Fill in the following fields. For this step you should use a dedicated vault token:

[Screenshot]

Quick Note: The token should be in the following structure: <access_id>..<access_key>

5. Choose your newly created Vault Credential.
6. Fill in the following fields and click “Add a Vault secret”:

[Screenshot]

7. Fill in the details of the Vault URL and Secret Path as shown below:

[Screenshot]

Quick Note: The path should be in the following structure: secret/data/<path_to_your_secret>

Quick Note: PASS will be used later as an environment variable and will contain the value of your secret

8. Copy the following into the CLI:

[Screenshot: echopass]

9. In Build, click “Execute shell”:

[Screenshot]
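
The Quick Notes above fix the token and secret-path structures, and the build step reads the secret from PASS. The checks below are an added example, not part of the original article or of the Akeyless plugin; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the "Execute shell" build step.
# All sample values are constructed placeholders, not real credentials.

# Token structure from the Quick Note: <access_id>..<access_key>
valid_token_format() {
    case "$1" in
        *..*) ;;
        *) return 1 ;;
    esac
    # Both the part before and the part after the first ".." must be non-empty.
    [ -n "${1%%..*}" ] && [ -n "${1#*..}" ]
}

# Path structure from the Quick Note: secret/data/<path_to_your_secret>
valid_secret_path() {
    case "$1" in
        secret/data/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report whether an injected variable (PASS in the steps above) is present,
# without ever printing its value. Tracing is turned off first: Jenkins runs
# shell build steps with -x by default, and a traced test on the variable
# would write the expanded secret into the console log.
secret_status() {
    set +x
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 2 ;;   # not a valid variable name
    esac
    eval "val=\${$1-}"
    if [ -n "$val" ]; then
        unset val
        echo "$1: set"
    else
        echo "$1: missing"
        return 1
    fi
}

# Demo with constructed values; in a real job PASS is injected by the plugin.
valid_token_format 'p-example-id..example-key' && echo "token format: ok"
valid_secret_path 'secret/data/jenkins/demo' && echo "secret path: ok"
( PASS='constructed-sample'; secret_status PASS )
```

In a build step, `secret_status PASS || exit 1` fails the job early when the secret was not injected, and the console log records only that the variable was set.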

Summary

The Akeyless Vault plugin for Jenkins allows you to better secure the credentials within Jenkins jobs by fetching those secrets at run time from an external encrypted repository.

Akeyless Vault is an easy-to-use platform, with no deployment required (SaaS), that centralizes the protection of all your secrets in all your DevOps tools from one single place.
