Chapter 5. Access and Security
Being able to create pipelines-as-code offers enormous potential and flexibility. In Scripted Pipelines, calls to any Groovy construct or Jenkins functionality or external method can be keyed into the pipeline script. However, that also significantly increases the ability to accidentally or intentionally do something within the code for a pipeline that shouldn’t be done. So, security has to be a first-class concern—and a first-class feature—for both pipelines and the Jenkins environment they are created and run in.
In this chapter, we’ll survey the different ways that Jenkins has for controlling access and security. We’ll first look at the overall security options, then we’ll survey the traditional credentials mechanisms that Jenkins offers and how to use those in pipelines.
After that, we’ll do a deeper dive into the advanced functionality available via the Role-Based Access Control (RBAC) plugin. We’ll then explore how Jenkins can integrate with Vault, a modern approach to storing credentials with a limited lifetime.
Finally, we’ll see what new features Jenkins 2 provides for ensuring that the steps in a pipeline have only the appropriate access and are executed in an approved context.
Let’s start off by looking at the most basic options for securing Jenkins once it’s installed.
Securing Jenkins
Prior to Jenkins 2.0, the default configuration for Jenkins was to have security disabled—not doing any security checking. This meant that Jenkins was ...
Get Jenkins 2: Up and Running now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.