This plugin adds a build wrapper to set Jenkins environment variables from an Akeyless Vault secret.
Secrets are generally masked in the build log, so you can't accidentally print them.
It also has the ability to inject Vault credentials into a build pipeline or freestyle job for fine-grained vault interactions.
Akeyless Vault Authentication
This plugin authenticates against Akeyless Vault using any Akeyless-supported authentication method, with the right Access Roles for secrets access.
In this example we will use API Key authentication.
Configuring Jenkins Plugin
Click “Manage Jenkins”:


Click “Manage Plugins”:


Find the Vault plugin and click Install:


On the main page, click “New Item”, and then select “Freestyle project”:




Configure Authentication
Navigate to “Build Environment”, check “Vault Plugin”, and enter your vault proxy URL.
Note: If you are using your Key Fragment, use your vault URL as configured on the Akeyless API GW.


Click "Add" and choose Jenkins, to set your Jenkins Vault Credentials Provider.


In the "Kind" drop-down, choose "Vault Token Credential".
Fill in the following fields. For this step, use your dedicated vault token.
The token is the concatenation of your Access ID and your Access Key, with two dots as the delimiter, i.e. Access-ID + ".." + Access-Key.
E.g. p-jjdbbkbd..njRThf894chsBXnuh


Choose the created vault credential [1], and click “Advanced” [2]:
Fill in the following fields and click “Add a Vault secret”:


Dynamic Secret
To use the Jenkins plugin to fetch Dynamic Secrets:
"Path" should be in the following format: Producer Name/creds/Your Secret Name
The returned JSON object will have keys named "password" and "username".
In this example, we are fetching a dynamic secret named "ProdDB" from a MySQL producer.


To test the plugin, in Build, click “Execute shell”:


Provide your MySQL server IP and adjust the query as needed:
mysql --host <your MySQL server ip> --port 3306 --user="$USER" --password="$PASS" -e 'show databases;'
exit 0
Click “Apply” and “Save”.
Click “Build Now” and expect to see the following Console Output:


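The test step above passes the injected password as a mysql command-line argument, which other processes on the build agent can read even though the build log masks it. The script below is an added example, not part of the original page or the plugin: it writes the USER and PASS values to a private option file and passes that file with --defaults-extra-file. DB_HOST and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the plugin docs). Assumes the build wrapper has
# exported USER and PASS as configured above; DB_HOST is a hypothetical
# variable holding your MySQL server address.

# Write a [client] option file only the build user can read; print its path.
write_mysql_defaults() {
    # $1 = username, $2 = password
    case "$1$2" in
        *'"'*|*'
'*) echo 'credential contains a double quote or newline' >&2; return 1 ;;
    esac
    file=$(mktemp "${TMPDIR:-/tmp}/mysql-defaults.XXXXXX") || return 1  # mode 0600
    # Option files treat backslash as an escape character, so double it.
    user=$(printf '%s' "$1" | sed 's/\\/\\\\/g')
    pass=$(printf '%s' "$2" | sed 's/\\/\\\\/g')
    # Quoting keeps '#' and spaces in the value from being misparsed.
    printf '[client]\nuser="%s"\npassword="%s"\n' "$user" "$pass" > "$file"
    printf '%s\n' "$file"
}

run_test_query() {
    # $1 = MySQL host
    defaults=$(write_mysql_defaults "$USER" "$PASS") || return 1
    # --defaults-extra-file must be the first option on the command line.
    mysql --defaults-extra-file="$defaults" --host "$1" --port 3306 \
        -e 'show databases;'
    status=$?
    rm -f "$defaults"   # remove the secret from disk whatever the outcome
    return "$status"
}

# Runs only when DB_HOST is set, e.g. as a job parameter.
if [ -n "${DB_HOST:-}" ]; then
    run_test_query "$DB_HOST"
fi
```

Unlike the original step, this returns the mysql exit status, so a failed login fails the build.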
Static Secrets
To work with Static Secrets, the Vault Secret Path should be in this format: secret/data/path to your secret. The key name in the returned JSON is "data".
The screen below demonstrates how to configure a static secret:

