The Akeyless Plugin for Jenkins enables secure integration of Akeyless-managed secrets and certificates within Jenkins pipelines. It supports multiple authentication methods, ensuring seamless and secure access to secrets and certificates.
Additionally, individual keys of JSON-structured secrets can be retrieved by name, allowing precise control over the data fetched from Akeyless.
Run the following steps to install the Akeyless plugin for Jenkins:
- Navigate to Manage Jenkins → Plugins.
- Go to Available Plugins and search for Akeyless.
- Check the plugin and press Install.
The plugin supports the following authentication methods:
To configure the Akeyless plugin in Jenkins:
- From the Jenkins Dashboard, press New Item, choose Freestyle Project, give it a name and press OK.
- Scroll down to Environment and check Akeyless Plugin.
- Set the Akeyless URL to your gateway URL, with the /api/v2 endpoint.
- Add a new Access Mode:
  - Under Vault Credential, press Add > Jenkins.
  - Choose the Authentication Method from the Kind drop-down:
    - Username with password - Email Authentication Method.
    - Akeyless Access Key Credentials - API Key Authentication Method.
    - Akeyless Certificate Credentials - Certificate Authentication Method.
    - Akeyless Cloud Provider Credentials - AWS, Azure or GCP Authentication Method.
    - Akeyless Universal Identity Credentials - Universal Identity Authentication Method.
    - Akeyless t-Token Credentials - t-Token.
  - Click Add to save the configuration.
The Akeyless plugin allows you to retrieve Static, Dynamic, and Rotated secrets and PKI and SSH certificates.
To retrieve a secret:
- Click Add Akeyless Secret.
- Configure the following parameters:
  - Path: Enter the full path of the secret.
  - Environment Variable: Define an environment variable to store the secret's value.
  - Key Name (for JSON-type secrets): Specify the key to fetch. To retrieve all keys, enter data.
To issue a certificate:
- Click Add Akeyless Issuer.
- Configure the following parameters:
  - Path: Enter the full path of the certificate issuer.
  - Output Name: Name the retrieved certificate.
  - Certificate User Name: (For SSH certificates) Enter the username to be signed.
  - Public Key: Provide the public key (if required).
  - CSR in base64: Provide the Certificate Signing Request (CSR) in base64 format.
  - Environment Variable: Define an environment variable to store the certificate.
  - Key Name: Specify the key to fetch. To retrieve all keys, enter data.
The following examples demonstrate how to authenticate and retrieve items using the Akeyless Plugin for Jenkins.
- The following configuration uses an existing API key in Akeyless for Jenkins authentication.
- The following configuration fetches a static secret into your pipeline.
  This example uses a JSON-structured secret, where only the UserName key of the secret is saved to the User environment variable.
- The following example fetches only the username of the rotated secret value and stores it in the User environment variable:
- The following example generates an SSH certificate that is allowed for the ubuntu user, using a public key:
- The following example generates a PKI certificate using a predefined Certificate Signing Request:
This project is licensed under the MIT License. See the LICENSE file for details.
We welcome contributions! Feel free to submit issues and pull requests.
For any issues or questions, please visit our Akeyless Documentation or open an issue on this repository.