We’re working on integrating Jenkins with DAP and were hoping to pick the community hive mind with regard to your strategies.
DAP works great when you need to replace hard-coded credentials in pipeline scripts; however, there are some Jenkins built modules (git, artifactory) that don’t integrate and won’t accept the Conjur Secret type as an input. That being said, it does integrate with AAM.
Does anyone have experience with that integration? We’re looking to leverage the credential provider while continuing to isolate credentials project by project so as to maintain similar granular access controls that DAP has to offer.
As for the DAP integration with Jenkins, you might be using an older version of the Jenkins plugin. The newest version (v0.7), found here, does support using Conjur Secret credential types in Git steps and other module steps now.
Check it out and see if maybe that was the case. If not, let us know back here!
Hey Joe/Andrew - Thank you guys for the help. We verified the version of the Jenkins plugin and it seems to be the latest. I’m attaching some screenshots to see if that can help. You can see below that we use the same credential in both approaches to git, but the first one throws errors while the one mid-pipeline works fine.
So, for verification: you can run the git clone command successfully; however, the git repository plugin is not working correctly. Correct?
I have experienced this behavior before and typically it occurs when the Repository URL is incorrect. I have noticed that the git plugin is rather sensitive with the Repository URL.
To verify, what is the secret value? Are you using a password or an Access Token?
With that being said I can test this in my environment and get back to you.
Yeah, that’s what we are seeing. Git clone works fine in the pipeline, but the git repository plugin fails using the same set of credentials / parameters.
We are using username and password to connect. Let me know if you are able to find out anything with your tests. We’ve tried a couple different things now and are still not having any luck.
Hey Everyone, circling back around to this thread.
Has anyone had any luck looking at this in a lab environment? I’m not sure if the Jenkins plugin is incompatible with the credential type or if we are making a mistake in configuring the plugin.
Just to recap our issue - The Conjur credential type will work with git when called from pipeline code but not when using the Jenkins git plugin (screenshots above).
The most recent version of the Conjur Credential Plugin can be found here:
The most recent version will have 3 different credential types: Conjur Secret, Conjur Username and Conjur Username SSH Key credential. I think for this use case you want to use the Conjur Username Credential.