We’re working on integrating Jenkins with DAP and were hoping to pick the community hive mind with regards to your strategies.
DAP works great when you need to replace hard-coded credentials in pipeline scripts; however, there are some Jenkins built modules (git, artifactory) that don’t integrate and won’t accept the Conjur Secret type as an input. That being said, it does integrate with AAM.
Does anyone have experience with that integration? We’re looking to leverage the credential provider while continuing to isolate credentials project by project so as to maintain similar granular access controls that DAP has to offer.
The AAM Central Credential Provider integration is specifically for CloudBees Jenkins Enterprise.
As for the DAP integration with Jenkins, you might be using an older version of the Jenkins plugin. The newest version (v0.7), found here, does support using Conjur Secret credential types in Git steps and other module steps now.
Check it out and see if maybe that was the case. If not, let us know back here!
Also, to add to Joe, the DAP integration needs to be of type Conjur Secret Username Credential to work correctly with some integrations.
When I use the git integration with SSH key authentication, I use the Conjur Secret Username Credential.
Hey Joe/Andrew - Thank you guys for the help. We verified the version of the Jenkins plugin and it seems to be the latest. I’m attaching some screenshots to see if that can help. You can see below that we use the same credential in both approaches to git, but the first one throws errors while the one mid-pipeline works fine.
Anyone have any ideas?
So, for verification, you can run the git clone command successfully; however, the git repository plugin is not working correctly. Correct?
I have experienced this behavior before, and typically it occurs when the Repository URL is incorrect. I have noticed that the git plugin is rather sensitive with the Repository URL.
To verify, what is the secret value? Are you using a password or an access token?
With that being said I can test this in my environment and get back to you.
Yeah, that’s what we are seeing. Git clone works fine in the pipeline but the git repository plugin fails using the same set of credentials / parameters.
We are using username and password to connect. Let me know if you are able to find out anything with your tests. We’ve tried a couple of different things now and are still not having any luck.
Testing this today and will update you once we have either a resolution or workaround.
Hi Mitch, are you still having issues with this?
Hey Everyone, circling back around to this thread.
Has anyone had any luck looking at this in a lab environment? I’m not sure if the Jenkins plugin is incompatible with the credential type or if we are making a mistake in configuring the plugin.
Just to recap our issue - the Conjur credential type will work with git when called from pipeline code but not when using the Jenkins git plugin (screenshots above).
If anyone is wondering what Git plug in I’m referring to
The most recent version of the Conjur Credential Plugin can be found here:
The most recent version will have 3 different credential types: Conjur Secret, Conjur Username and Conjur Username SSH Key credential. I think for this use case you want to use the Conjur Username Credential.
Much appreciated for the follow up Andrew. We’ll take this back and see how things go.