Method 1: Fetching Secrets During Jenkins Builds

Configuring a Jenkins Freestyle Project for Fetching Secrets

This topic explains how to configure a dedicated pipeline in Jenkins to fetch secrets from the Delinea Platform. Configuring such a pipeline involves the following tasks:

A. Create Credentials in Jenkins

Create a credential in Jenkins to store the username and password of the Delinea Platform application account. The Delinea Platform Plugin uses this credential to connect to your Delinea Platform instance.

For detailed steps, see Creating a Credential for Delinea.

B. Create a Freestyle Project

In the pipeline configuration, you define settings to retrieve values of specific fields from a secret stored in Secret Server.

To create a Jenkins freestyle project:

  1. Log in to Jenkins.

  2. From the Dashboard, select New Item.

  3. Enter a name, select Freestyle project, and click OK.

  4. Select Environment in the side pane.

  5. In the Environment section, select Use Delinea Secret Server Secrets and configure:

    • Secret ID: The ID of the secret to fetch.

    • Environment Variable: Define an environment variable for each secret field.

      1. Enter an environment variable name (e.g., username).

      2. Enter the field slug name for the secret field.

        Field slug names uniquely identify secret fields. They can be found on the Fields tab of the secret template page. See Field Slug Names.

      3. Repeat to add fields such as password.

      4. Select another item Mapping to add more fields.

    • Secret Server Application Credential: Select the Jenkins credential you created.

      If it does not exist, select none, then Add → Jenkins to create it. See Creating a Credential for Delinea.

    • Delinea Platform URL: Enter your Delinea Platform instance URL.

  6. In the Build Steps section, provide a PowerShell script that references secret variables. Each variable must include the TSS_ prefix.

  7. Click Save to store the configuration.

    Jenkins will now fetch secret values automatically. For verification steps, see Verification.
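
A PowerShell build step of the kind step 6 calls for, as an added example that is not part of the Delinea documentation. It reads the mapped fields through their TSS_ names, stops the build if a mapping is missing, and wraps the password in a PSCredential instead of writing it to the console log. It assumes the environment variable names username and password were entered in step 5; Get-MappedSecret is a helper defined here, not a plugin command.

```powershell
# Added example: PowerShell build step for the freestyle project configured above.
# Assumption: the mappings in step 5 use the environment variable names
# 'username' and 'password', so the values arrive as TSS_username / TSS_password.
$ErrorActionPreference = 'Stop'

# Hypothetical helper (not part of the plugin): read one mapped field and
# fail closed if it is missing or empty.
function Get-MappedSecret {
    param([Parameter(Mandatory)][string]$Name)
    $value = [Environment]::GetEnvironmentVariable("TSS_$Name")
    if ([string]::IsNullOrEmpty($value)) {
        throw "TSS_$Name is not set; check the Secret ID and field slug mapping for this job."
    }
    return $value
}

$user = Get-MappedSecret -Name 'username'
$pass = Get-MappedSecret -Name 'password'

# Wrap the password in a SecureString so it is handed to other cmdlets as a
# PSCredential object and never as a command-line argument or log text.
$secure = ConvertTo-SecureString -String $pass -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential ($user, $secure)

# Drop the plaintext copies held by this process once the credential exists.
Remove-Variable -Name pass
Remove-Item -Path Env:\TSS_password

# Log only that the fetch worked and for which account, never the secret value.
Write-Output "Credential object ready for user '$($cred.UserName)'."

# $cred can now be passed to any cmdlet that accepts -Credential,
# for example Invoke-Command or Invoke-RestMethod.
```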

Configuring a Jenkins Pipeline for Fetching Secrets

This topic explains how to configure a dedicated Pipeline in Jenkins to fetch secrets from the Delinea Platform.

A. Create Credentials in Jenkins

Create a Jenkins credential to store the username and password of your Platform service account. The plugin uses these credentials to connect to Platform.

See Creating a Credential for the Secret Server Application Account or Platform Service Account in Jenkins.

B. Create a Pipeline

In the Pipeline configuration, you define a script to retrieve specific secret field values.

To create a Pipeline:

  1. Log in to Jenkins.
  2. Select New Item.
  3. Enter a name, select Pipeline, click OK.
  4. Select Pipeline in the side pane.

You can configure your pipeline to fetch secrets in two ways:

Option 1: Use Global Default Credentials and URL

  1. Navigate to Dashboard > Manage Jenkins > System > Delinea Platform.
  2. Select your default credential.
  3. Enter the Delinea Platform URL.

When you use the global default credential and URL, your pipeline script should include:

Pipeline example:

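pipeline {
    agent any
    stages {
        stage('Print Secret Fields') {
            steps {
                // Credential and URL come from the global Delinea Platform settings
                withSecretServer(secrets: [
                    [
                        id: 'SecretId',  // ID of the secret to fetch
                        mappings: [
                            // field: secret field slug name
                            // environmentVariable: name exposed to the build as TSS_<name>
                            [field: 'username', environmentVariable: 'username'],
                            [field: 'password', environmentVariable: 'password']
                        ]
                    ]
                ]) {
                    bat '''
                        echo Username field: %TSS_username%
                        echo Password field: %TSS_password%
                    '''
                }
            }
        }
    }
}
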
  • ID: Secret ID.
  • Field: Secret field slug name.
  • Environment Variable: Variable name to store secret output.

Option 2: Define Credentials and URL in the Pipeline

Alternatively, you can specify the Delinea Platform credentials and URL directly within your pipeline script.

In this case, include:

  • ID: The ID of the secret you want to fetch.
  • credentialId: The Jenkins credential ID for your Platform service account.
  • baseUrl: The Secret Server URL.
  • Field: Secret field slug name.
  • Environment Variable: The environment variable name (for example, username) for a secret field.

Pipeline example:

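pipeline {
    agent any
    stages {
        stage('Print Secret Fields') {
            steps {
                withSecretServer(secrets: [
                    [
                        id: 'SecretId',                           // ID of the secret to fetch
                        credentialId: 'CredentialId',             // Jenkins credential ID for the Platform service account
                        baseUrl: 'Secret Server or Platform URL', // replace with your instance URL
                        mappings: [
                            // field: secret field slug name
                            // environmentVariable: name exposed to the build as TSS_<name>
                            [field: 'username', environmentVariable: 'username'],
                            [field: 'password', environmentVariable: 'password']
                        ]
                    ]
                ]) {
                    bat '''
                        echo Username field: %TSS_username%
                        echo Password field: %TSS_password%
                    '''
                }
            }
        }
    }
}
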

Note: Adjust parameters depending on whether you use global or inline settings.

Configuring a Jenkins Multibranch Pipeline for Fetching Secrets

This section explains how to configure a Jenkins Multibranch Pipeline to fetch secrets from Delinea Platform.

The configuration involves the following tasks:

  1. Creating a Multibranch Pipeline

  2. Adding a Git, GitHub or Single repository and branch

  3. Using Credential Resolver to store Git credentials retrieved from a secret stored in the Delinea Platform.

Create a Multibranch Pipeline

  • Log in to Jenkins.
  • Select New Item.
  • Select Multibranch Pipeline.
  • Configure your Git/GitHub repository.
  • Select Add Source > GitHub.

If private:

  • Add credentials.
  • Use Credential Resolver to map credentials from Secret Server.

Use Secrets in Multibranch Pipeline (via Jenkinsfile)

You can fetch secrets from Delinea Platform directly in your repository’s Jenkinsfile.

Below is an example snippet you can include in your Jenkinsfile:

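stage('Fetch secrets from Delinea') {
    steps {
        script {
            withSecretServer(secrets: [[
                id: 'SecretId',                           // ID of the secret to fetch
                credentialId: 'CredentialId',             // Jenkins credential ID for the Platform service account
                baseUrl: 'Secret Server or Platform URL', // replace with your instance URL
                mappings: [
                    // field: secret field slug name
                    // environmentVariable: name exposed to the build as TSS_<name>
                    [field: 'username', environmentVariable: 'username'],
                    [field: 'password', environmentVariable: 'password']
                ]
            ]]) {
                echo "Secret fetched successfully from Delinea"
            }
        }
    }
}
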

Delinea Proxy Configuration for Builds

Applicable to Freestyle, Pipeline, and Multibranch Pipeline.

  1. Navigate to Dashboard > Manage Jenkins > System > Delinea Platform.
  2. Configure:
    • Proxy Host: Hostname or IP of proxy server
    • Proxy Port: Port number
    • Username (optional): Proxy authentication username
    • Password (optional): Proxy authentication password
    • No Proxy Hosts (comma-separated)

Proxy Behavior

  1. All plugin network calls use Delinea proxy settings.
  2. If username/password provided → authenticated proxy.
  3. If the target host is in No-Proxy list → bypasses proxy.
  4. If Delinea proxy not configured → Jenkins global proxy is used.
  5. If both configured → Delinea proxy takes precedence.