Secrets ManagerIntegrations

Jenkins Integration

Jenkins is an open source automation server that automates building, testing, and deploying software. Use the Bitwarden Secrets Manager CLI to inject secrets into Jenkins CI/CD Pipelines.

Save an access token

To get started, create a token that will be used to authenticate with the Bitwarden Secrets Manager and retrieve secrets. To save an access token as a Jenkins credential:

  1. In Jenkins, navigate to the Settings  → Credentials page.

    Setting credentials
  2. Select the desired credential store.

  3. Select Add Credentials.

  4. Click the Kind drop down menu and select Secret text.

  5. Give the credential an appropriate name. Next, we will prepare the bitwarden-access-token.

  6. In a new tab, open the Secrets Manager web app and create an access token.

    Create access token
  7. Return to Jenkins and paste the newly-created access token into the Secret field.

  8. Once complete, select Create.

Jenkins credential

Add to your Jenkins Pipeline

Next, a Jenkins Pipeline needs to be created. The following section features an example Pipeline.

  1. Create a new Jenkins Pipeline by selecting New Item on the left-hand navigation.

  2. Enter a name for the new item. Next, select the Pipeline item type and then OK when complete.

    New Pipeline
  3. On the following screen, configure your desired settings and triggers. In the Pipeline section, include the following contents:

Java
pipeline { agent any stages { stage('Build Rust Project with Secrets from Bitwarden') { steps { withCredentials([string(credentialsId: 'bitwarden-access-token', variable: 'BWS_ACCESS_TOKEN')]) { sh ''' export PATH=$PATH:/usr/local/bin # ensure bws is in PATH bws run -- <command needing secrets here> ''' } } } } }
note

Replace <command_needing_secrets_here> with the command that requires access to secrets manager.

Run the CI/CD Pipeline

On the left, select Build Now → Pipelines and select Run Pipeline located on the top-right of the page. Select Run Pipeline on the page to run the newly-created Pipeline.