This document describes the functionality provided by the xlr-conjur-integration plugin. The plugin populates a release variable with a secret retrieved from a Conjur server. The release variable can then be used by subsequent tasks in the release.
The following task type is included:
- Conjur: Get Secret Task
The Conjur integration plugin requires the following:
- XL Release 7.5.0+
- Conjur 4.9+
Begin by configuring one or more Conjur servers.
Navigate to Settings > Shared configuration. Click the + sign to add a new Conjur Server.
Enter a descriptive name for this server.
Enter the full URL for the Conjur server from which secrets can be retrieved. Include protocol (http or https) and port number if applicable.
Choose the Basic Method from the drop-down list. You may need to click the entry area to activate the drop-down.
Enter the name of the Conjur account where the secrets are stored.
Enter the account username that has permissions to retrieve the secret or secrets.
Enter the user KEY in the password entry field.
Provide optional proxy information if you access the Conjur server through a proxy.
The Conjur plugin provides a task called ‘Get Secret’ which will populate a single release variable with a single Conjur secret. As you create your template, you will need to create as many release variables as the number of distinct secrets you will need to run your tasks.
Name the variable, make sure it is of type ‘Password’ and uncheck the boxes for ‘Required’ and ‘Show on Release Form’.
Within your template, you will need to add as many ‘Get Secret’ tasks as the number of release variables you will need to populate. To configure a task choose the Conjur Server, provide the name of the secret as stored in Conjur, and choose a release variable of type password to populate.
Tip: The Get Secret task should be placed in the template so that it runs right before the task that will need the secret.
In this example, the Get Secret task retrieves a secret password that will be used in the following JIRA ‘Create Issue’ task.
In this example, the Conjur Get Secret task is followed by a JIRA Create Issue task. The JIRA task makes use of the release variable ‘newSecret’ (previously populated by Conjur) as the JIRA password (overriding the password configured for the JIRA server).
- Add get secret tasks for Conjur integration plugin