Integrating Jenkins with Key Manager Plus

Jenkins, a prominent Java-based open-source automation tool, is widely utilized in DevOps environments for software projects building and testing. To streamline the software development lifecycle (SDLC) tasks such as building, testing, delivering, and deploying software, respective jobs (automation schedules) are created in Jenkins. These jobs often require user credentials, SSL certificates, and other sensitive information like privileged passwords, API keys, and access tokens to interact with various systems and services.

Here comes the Key Manager Plus plugin, developed for certificate management in Jenkins, that helps to simplify the workflow process in organizations' DevOps freestyle projects. Once enabled in Jenkins, the plugin ensures that the required certificates and CSRs are created/retrieved from Key Manager Plus's certificate vault whenever a job runs. Upon secure retrieval, the certificates can then be used in environment variables, depending upon the requirement of the build. The plugin also saves the user from the arduous job of having to manually create/download the certificates and CSRs in the script file every time there's an update.

Currently, the plugin can be used for certificate/CSR management at a job level, i.e., for freestyle projects. To learn more about enabling the Key Manager Plugin in Jenkins for certificate management, refer to the following sections:

1. Enabling Jenkins Access in Key Manager Plus
2. Installing and Enabling the Key Manager Plus Plugin in Jenkins
3. Downloading/Creating Certificates from Key Manager Plus for Jenkins' Freestyle Project Jobs

1. Enabling Jenkins Access in Key Manager Plus

1. Log in to Key Manager Plus and navigate to 'Integrations >> Jenkins Access'.
2. In the Jenkins Access tab, click 'Generate' to populate the Jenkins AuthToken automatically. This Auth Token will be required later while configuring the Key Manager Plus plugin in the Jenkins console. Once set up, all incoming requests from Jenkins will be validated by Key Manager Plus using this AuthToken.
3. You can also disable Jenkins access to Key Manager Plus by clicking on the Disable radio button in the Jenkins Access window.
   

2. Installing and Enabling the Key Manager Plus Plugin in Jenkins

Post the auth token generation, the Key Manager Plugin is to be installed in the Jenkins and has to be enabled for further CSR/certificates-related automated processes in jobs. The below sections will brief you about installing and enabling the Key Manager Plus plugin in Jenkins.

2.1 Installing the Key Manager Plugin in Jenkins

1. First, download the Key Manager Plus plugin from the Jenkins Access tab.
2. Open Jenkins' console, and from the Dashboard, navigate to Manage Jenkins >> System Configuration >> Plugins >> Advanced Settings.
   
3. In the Deploy Plugin section, browse and select the file using the Choose File option.
4. Now, click Deploy to install the Key Manager Plus Plugin in Jenkins.
5. Upon installation, restart the Jenkins server to apply the changes.
   

2.2 Enabling the Key Manager Plus Plugin in Jenkins

1. Navigate to Manage Jenkins >> System Configuration >> System.
2. In the UI that loads, scroll down to locate the Key Manager Plus plugin section.
   1. Key Manager Plus URL: Enter the URL to your Key Manager Plus instance, in the format https://<hostname>:<portnumber>
   2. Key Manager Plus Auth Token: Here, copy and paste the Auth Token generated earlier in Key Manager Plus's interface. Please note that the Auth Token entries in both Key Manager Plus and Jenkins should always match for successful plugin configuration.
   3. Click upon the Test Connection to check for the validity of the given details.
      

      Note: If the test connection fails, regenerate a new Auth Token from the Key Manager Plus interface and enter here.

3. Save the changes to enable and start using the Key Manager Plus plugin in Jenkins.
   

3. Downloading/Creating Certificates from Key Manager Plus for Jenkins' Freestyle Project Jobs

Now, the plugin can be used to create/download the required CSR/certificates from the Key Manager Plus for Jenkins' freestyle project jobs. Below is a step-wise explanation of the actions involved in further Key Manager Plus usage in Jenkins:

1. Once you create a specific freestyle project job, you will find an option to use the Key Manager Plus plugin for that job under its 'Build Environment' section that present in the Configure section.
   
2. Enable the required checkbox(es) [KeyManager Plus] Use CSR, [KeyManager Plus] Use Certificate, and/or [KeyManager Plus] Use Password (to set the password of a certificate to be called in the build environment).
3. Select the CSR, Certificate, Certificate Type, or Certificate Password as required to be used, and provide a environment variable for the CSR or Certificate that to be called in the build environment.
4. Now, click Save to attain the Key Manager Plus support in continuous building and testing of your software jobs.
   
5. You can also attain the following automated actions from the Key Manager Plus during your build steps and post build actions via this Jenkins integration with Key Manager Plus:
   1. Create CSR
   2. Create Certificate
   3. Download CSR

6. If you are using the options Create CSR /Create certificate during your build steps and post-build actions, you can download the created CSR/Certificate to the desired project workspace by enabling the Download Files checkbox.