How to effectively and securely manage secrets in Jenkins using Infisical
Manage Jenkins -> Plugins -> Available plugins and search for Infisical. Install the plugin and restart Jenkins.

Dashboard -> Manage Jenkins -> Credentials -> System -> Global credentials (unrestricted).

Press the Add Credentials button and select Infisical Universal Auth Credential in the Kind field.

The ID and Description fields don't matter much in this case, as they won't be read anywhere. The description field will be displayed as the credential name during the plugin configuration.

Infisical Plugin checkbox under “Build Environment”. After enabling the plugin, you'll see a new section appear where you'll have to configure the plugin.

dev, staging, or prod. You can however create custom environments in Infisical. If you are using custom environments, you need to enter the slug of the custom environment you wish to fetch secrets from.

Add an Infisical secret in the Jenkins UI, as seen in the screenshot below.

/. You also need to select whether or not you want to include imports. Now you can add the secret keys that you want to pull from Infisical into Jenkins. If you want to add multiple secrets, press “Add key/value pair”.

If you wish to pull secrets from multiple paths, you can press the “Add an Infisical secret” button at the bottom, and configure a new set of secrets to pull.

{JENKINS_URL}/jenkins/job/{JOB_ID}/pipeline-syntax/. You can find a direct link at the very bottom of the Pipeline configuration page, see image below.

Generate Pipeline Script, and it will generate a block you can use in your pipeline.

Snippet Generator as described in the step above.

INFISICAL_TOKEN environment variable, which is configured in the pipeline, into the shell for executing commands.
There may be instances where this doesn’t work as expected in the context of running Docker commands.
However, the list of working examples should provide some insight into how this can be handled properly.
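
One way to guard a shell step that hands INFISICAL_TOKEN to a Docker command, as an added example that is not part of the original page or the Infisical plugin. The helper names, the image and the command are hypothetical placeholders; the only Docker behaviour assumed is that `docker run -e NAME` with no value copies the variable from the calling environment.

```shell
# Added example, not from the Infisical docs. Helper names are hypothetical.

# valid_name NAME: accept only shell-safe variable names (required before eval).
valid_name() {
  case "$1" in
    ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
  esac
  return 0
}

# require_secrets NAME...: return 1 if any named variable is unset or empty.
# Reports names only, so a value never reaches the build log.
require_secrets() {
  rs_missing=0
  for rs_name in "$@"; do
    valid_name "$rs_name" || { echo "invalid name: $rs_name" >&2; return 2; }
    eval "rs_val=\${$rs_name:-}"
    if [ -z "$rs_val" ]; then
      echo "secret not set: $rs_name" >&2
      rs_missing=1
    fi
  done
  unset rs_val
  return "$rs_missing"
}

# docker_env_args NAME...: print "-e NAME" for each variable, without "=value".
# docker then copies the value from the calling environment, so the secret
# stays out of the command line (process list, `set -x` traces).
docker_env_args() {
  de_out=""
  for de_name in "$@"; do
    valid_name "$de_name" || { echo "invalid name: $de_name" >&2; return 2; }
    de_out="${de_out:+$de_out }-e $de_name"
  done
  printf '%s\n' "$de_out"
}

# Usage in the job's shell step (image and command are placeholders):
#   require_secrets INFISICAL_TOKEN &&
#     docker run --rm $(docker_env_args INFISICAL_TOKEN) example/image:tag some-command
```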