Conjur plugin

This document describes the functionality provided by the xlr-conjur-integration. This plugin provides the ability to populate a release variable with secret retrieved from a Conjur server. The release variable can then be used by subsequent tasks in the release.

The following task type is included:

  • Conjur: Get Secret Task

Requirements

The Conjur integration plugin requires the following:

  • XL Release 7.5.0+
  • Conjur 4.9+

Configuration

Begin by configuring one or more Conjur servers.

Configure the Conjur Server

Navigate to Settings > Shared configuration. Click the + sign to add a new Conjur Server.

Setup Conjur server

Enter a descriptive name for this server.

URL

Enter the full URL for the Conjur server from which secrets can be retrieved. Include protocol (http or https) and port number if applicable.

Authentication Method

Choose the Basic Method from the drop down list. You may need to click the entry area to activate the drop down.

Account

Enter the enter the name of the Conjur account where the secrets are stored.

Username

Enter the account username that has permissions to retrieve the secret or secrets.

Password

Enter the user KEY in the password entry field.

Proxy

Provide optional proxy information if you access the Conjur server through a proxy.


Using the xlr-conjur Plugin

The Conjur plugin provides a task called ‘Get Secret’ which will populate a single release variable with a single Conjur secret. As you create your template, you will need to create as many release variables as the number of distinct secrets you will need to run your tasks.

Name the variable, make sure it is of type ‘Password’ and uncheck the boxes for ‘Required’ and ‘Show on Release Form’.

ConjurVar1Config ConjurVar2Config

Get Secret Task

Within your template, you will need to add as many ‘Get Secret’ tasks as the number of release variables you will need to populate. To configure a task choose the Conjur Server, provide the name of the secret as stored in Conjur, and choose a release variable of type password to populate.

ConjurGetSecret

Tip: The Get Secret task should be placed in the template so that it runs right before the task that will need the secret.

In this example, the Get Secret task retrieves a secret password that will be used in the following JIRA ‘Create Issue’ task.

Example Template

ConjurGetSecretTemplate

Use the Secret as Part of Another Task

In this example, the Conjur Get Secret task is followed by a JIRA Create Issue task. The JIRA task makes use of the release variable ‘newSecret’ (previously populated by Conjur) as the JIRA password (overriding the password configured for the JIRA server).

ConjurGetSecretUseExample

Release notes

Release Conjur Integration 9.7.0

Features

  • Add get secret tasks for Conjur integration plugin