If you use Jenkins, the popular open-source automation server, it’s likely your automated jobs authenticate against one or more local and/or remote systems as part of their tasks. The Device42/Jenkins integration allows Device42 to securely store & retrieve these credentials within Device42, which boasts a robust built-in secret/password management solution. Instead of trying to store new or existing credentials in your automation scripts, or in Jenkins in addition to countless other locations, leverage the centralized secret store in Device42.
Simply add or update a secret/password in Device42, and with the Jenkins integration, your automation instantly has access to the updated credentials. Forget manual credentials updates across your infrastructure!
If you like this integration, check out the Device42 integration page for even more time saving & efficiency boosting features!
Installing the Device42-Jenkins Integration
Build he Jenkins plugin from source (optional)
Note: Maven is required to build the plugin.
- Begin by cloning the Device42 Jenkins Plugin repo from Device42’s Github:
git clone https://github.com/device42/device42-jenkins-credentials-plugin
- Next, change your working directory to the plugin directory of the repo you just cloned:
- Call Maven install to build the plugin:
mvn install -DskipTests
- Follow “Configuring Jenkins” section below to install the plugin you just built into Jenkins.
- Login to your Jenkins instance.
- Select the ‘Manage Jenkins’ Gear icon from the menu on the left, and then choose ‘Manage Plugins’ (green puzzle piece) –> ‘Advanced’ tab.
- Click the “Browse” button under the “Upload Plugin” heading (2nd from top) and select the
Device42.hpiDevice42 plugin you downloaded [or built from source].
- Click “Open” on the dialog, and then click the “Upload” button to upload the plugin to Jenkins:
Device42 doesn’t require any specific configuration for the integration other than having your D42 Main appliance up and running & its API accessible.
New passwords and Secrets are created & managed within Device42 (no changes from your usual workflow), and those secrets are read by the integration via the Device42 API each time Jenkins automation runs.
Using the Device42-Jenkins credentials integration
The Device42-Jenkins credentials integration allows you to use passwords/secrets stored in Device42 within Jenkins automations by pulling them via the Device42 API when Jenkins automations run. Credentials stored within Device42 are made available in Jenkins as variables, the names of which are user-customizable. Each D42 credential variable may be referenced as many times as desired within a Jenkins automation.
The following example walks through embedding a new credential into a Jenkins automation, and then pulls it and a second credential from Device42 and stores attributes from both into a text file, which can then be seen on the host instance, thus demonstrating the concept. Users can then use this technique to power any integration needed across their enterprise utilizing secrets centrally and securely stored within Device42:
- Begin by creating a new Jenkins automation Job [via the + button tab], or opening an existing Job for editing within Jenkins [by clicking its name]:
- Within the job configuration, scroll down to “Bindings” (or click the “build triggers” tab to jump). Click the “Add” button (#1), and choose “Device42 Secret credentials” (#2) from the popup to insert a D42 credential variable. Click the “Add” button with the key icon (#3) to select the Device42 credential you want to add:
- You can now specify the details of the Device42 credential you’d like to associate. Specify the following:
Kind of credential – which in this case is a ‘Device42 Secret Credential’,
Scope: (required)– availability of your credential variable to other Jenkins jobs,
Device: (required)– the name of the device the credential is associated with in Device42,
User: (required)– the username associated with credential/secret in Device42
ID: (normally left blank & auto-generated) – An internal unique ID assigned to the credential; useful for scripted configurations.
Description – (optional)– specify a descriptive description so you can recognize this credential in Jenkins [and tell it apart from others w/ the same username]
- You may now reference your new Device42 credential variable using the
$Variable_Nameas specified in the Execute Shell:
Repeat the above steps to add more credentials from Device42, if desired.
- Congratulations – You’re all set! Go ahead and leverage the Device42 – Jenkins integration to power some of your production automation jobs, and say good-bye to the scramble that goes along with trying to update credentials in 2038342 different places last minute!
If you have any questions about the Device42-Jenkins plugin, or are experiencing issues, please open a ticket @ support.device42.com or email [email protected] and we’ll do the best we can to help. Note that we only provide basic troubleshooting assistance for problems involving the integration itself.
Download the Device42 Jenkins integration plugin today.
Note that Device42 is required to use the Device42-Jenkins plugin. Download a free trial [all features, no nag-ware] now!