Integrate with Jenkins
The Kron PAM Secret Plugin makes secrets that are stored in Kron PAM AAPM securely available to Jenkins jobs. Jenkins jobs can authenticate to the AAPM account and access the specific secret values.
This plugin offers advantages to both Kron PAM and Jenkins users. The Kron PAM Secret Plugin stores secret values securely and prevents secrets from being exposed in Jenkins jobs. It also provides flexibility with the support of Jenkins script projects as well as global configurations.
With this plugin, Jenkins job is simplified by requiring only a URL or reference ID to a secret, and the configuration is made easy for Jenkins users with a familiar user interface.
Prerequisites:
- You must have a fully functioning Kron PAM AAPM configured.
- You must have a fully functioning Jenkins host configured and running.
To obtain the .hpi file and upload it using the Jenkins UI:
- Download the SingleConnectSecretPlugin.hpi file to your computer
- When you have the .hpi file, log into Jenkins as an administrator
- Navigate to Dashboard > Manage Jenkins > Manage Plugins > Advanced tab.
- In the Upload Plugin section, browse for SingleConnectSecretPlugin.hpi and Upload it to Jenkins.
- After installing the plugin, restart Jenkins.
- Navigate to Dashboard > Manage Jenkins > Manage Plugins > Installed tab.
- Make sure your plugin is listed under the Installed Plugins before continuing with the configuration.
The first configuration requirement for Jenkins is to add the credential.
- Navigate to Dashboard > Manage Jenkins > Manage Credentials > Credentials > System > Global credentials (unrestricted).
- Click on Jenkinsstore and it will direct you to System > Global Credentials (unrestricted) > Add Credentials.
The second configuration requirement for Jenkins is to store the credentials to connect to an AAPM account. The secrets that you want to obtain to connect to the AAPM account must be defined explicitly.
- Select the credential kind from the drop-down as Kron PAM Credential.
- Select the Scope as Global (Jenkins, nodes, items, all child items, etc.).
- Enter the URL for your localhost to define secrets: https://[local host]/sc-aapm-ui/rest/aapm/password
- Enter data as follows: {"token":" 9d0e79b4-5fb5-4836-824b-13d9d2cc909f","tenantId":"host", "comment":"abc", "passwordChangeRequired":"FALSE", "passwordExpirationInMinute":"5"}
- Enter ID type as AAPM SECRET 2.
- Click Save to save and store the AAPM secret through Jenkins UI.
- First, create a project of your choice. In this example, a freestyle project is selected.
- Then, navigate to Dashboard > Project Name (Test Project 2) and click on the down arrow to select Configure.
- You will be directed to the configuration page; from there, navigate to the Build Environment tab.
- To bind to the AAPM secret, select Use secret text(s) or file(s)
- Navigate to the Bindings tab or scroll down to the Bindings section and click Add.
- Select Kron PAM Secret Credential and the following will be selected automatically for you: variable as SINGLECONNECT_SECRET specific credential as Kron PAM Credential: AAPM SECRET 2
- (Optional) You can add more than one credential if needed by using the Add button once Specific credentials are selected. By adding the credential, you injected the secret as an environment variable to the build step of the project.
- Navigate to the Build tab, click Add Build Step and select a build step. In the following example, we used Execute Shell.

- Run the command below (with your own naming conventions) to access the account using the secret variable you bound: #!/bin/bash
- Click to finish the project configurations.
You successfully integrated Jenkins with Kron PAM AAPM.
Check if you see the logs under SAPM Logs.
