Akeyless Vault

The Akeyless Dev Hub

If you're looking for help with the only zero-trust, SaaS, unified platform for secrets management - you've come to the right place.

This is our documentation and updates center.

Documentation

Jenkins Plugin

Suggest Edits

This plugin adds a build wrapper to set Jenkins environment variables from an Akeyless Vault secret.
Secrets are generally masked in the build log, so you can't accidentally print them.
It also has the ability to inject Vault credentials into a build pipeline or freestyle job for fine-grained vault interactions.

Akeyless Vault Ahtentication

This plugin allows authenticating against Akeyless Vault using Akeyless supported Authentication methods with the right Access Roles for secrets access.
In this example we will use an API Key authentication.

Configuring Jenkins Plugin

Click “Manage Jenkins”:

Click “Manage Plugins”:

Find Vault plugin and click install:

In the Main page, click “New Item”, and then select “Freestyle project”:

Configure Authentication

Navigate to “Build Environment”, check the “Vault Plugin”, enter your vault proxy URL.

Note: In case you are using your Key Fragment please use your vault URL as configured on Akeyless API GW

Click "Add" and choose Jenkins, to set your Jenkins Vault Credentials Provider.

On the "Kind" drop down, choose "Vault Token Credential".
Fill the following fields, for this step you should use your dedicated vault token.
The token should be a concatenation of your Access ID and your Access Key, with double dots as a delimiter i.e. Access-ID+”..”+Access-Key.
E.g. p-jjdbbkbd..njRThf894chsBXnuh

Choose the created vault credential [1], and click “Advanced”[2]:
Fill the following fields and click “Add a Vault secret”:

Dynamic Secret

To use your Jenkins Plugin to fetch Dynamic Secrets:

"Path" should be in the following format: Producer Name/creds/Your Secret Name

The returned JSON object will have keys named "password" and "username".

In this example, we are fetching a dynamic secret named "ProdDB" from MySQL producer.

To test the plugin, in Build, click “Execute shell”:

Provide your MySQL server IP, and modify the query etc.

mysql --host <your MySQL server ip>  --port 3306 --user=$USER --password=$PASS -e 'show databases;'
exit 0

Click “Apply” and “Save”.
Click “Build Now” and expect to see the following Console Output:

Static Secrets

To work with Static secrets, the Vault Secret Path should be in this format: secret/data/path to your secret . Where the Key in the returned JSON name is "data".
The below screen demonstrates how to configure a static secrets:

Updated 2 days ago

Jenkins Plugin

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.