Jenkins integration help!

Mitch · February 7, 2020, 4:27pm

Hey All!

We’re working on integrating Jenkins with DAP and was hoping to pick the community hive mind with regards to your strategies.

DAP works great when you need to replace hard coded credentials in pipeline scripts however, there are some Jenkins built modules (git, artifactory) that don’t integrate and won’t accept the Conjur Secret type as an input. That being said, it does integrate with AAM.

Does anyone have experience with that integration? We’re looking to leverage the credential provider while continuing to isolate credentials project by project so as to maintain similar granular access controls that DAP has to offer.

joe.garcia · February 7, 2020, 4:39pm

The AAM Central Credential Provider integration is specifically for CloudBees Jenkins Enterprise.

As for the DAP integration with Jenkins, you might be using an older version of the Jenkins plugin. The newest version (v0.7), found here, does support using Conjur Secret credential types in Git steps and other module steps now.

Check it out and see if maybe that was the case. If not, let us know back here!

AndrewCopeland · February 7, 2020, 6:00pm

Also to add to Joe, the DAP integration needs to be of type Conjur Secret Username Credential to work correctly with some integrations.

When I use the git integration wit ssh key authentication, I use the Conjur Secret Username Credential.

Mitch · February 12, 2020, 8:53pm

Hey Joe/Andrew - Thank you guys for the help. We verified the version of the Jenkins plug in and it seems to be the latest. I’m attaching some screenshots to see if that can help. You can see below that we use the same credential in both approaches to git but the first one throws errors while the one mid pipeline works fine.

Anyone have any ideas?

AndrewCopeland · February 13, 2020, 2:29pm

So for verification you can run the git clone command successfully however the git repository plugin is not working correctly. Correct?

I have experienced this behavior before and typically it occurs when the Repository URL is incorrect. I have noticed that the git plugin is rather sensitive with the Repository URL.

To verify what is the secret value? Are you using password or Access Token.
With that being said I can test this in my environment and get back to you.

Regards,
Andrew

Mitch · February 17, 2020, 3:35pm

Yeah that’s what we are seeing. Git clone works fine in the pipeline but the git repository plug in fails using the same set of credentials / parameters.

We are using username and password to connect. Let me know if you are able to find out anything with your tests. We’ve tried a couple different things now and are still not having any luck.

Thanks!
Mitch

AndrewCopeland · February 18, 2020, 8:38pm

Hi Mitch,

Testing this today and will update you once we have either a resolution or workaround.

Regards,
Andrew

jake · February 27, 2020, 2:55pm

Hi Mitch, are you still having issues with this?

Mitch · February 27, 2020, 5:04pm

Hi Jake,

Yes we’re still having issues. We haven’t managed to find a solution for this yet.

Were you able to find anything out on your side?

Thanks!

Mitch Bordage

/ IT Security Analyst III

/ IAM Security Engineering

/ 400 Value Way, Marlboro, MA 01752

/ T 508-390-8984 / C 508-816-4739 / TJX.com