Managing Secrets in the CD/CI Pipeline

Hi everyone,

In our IT department, we use Jenkins for automated deployment and an on-premise Git server for source code management across teams.

To manage credentials such as passwords and API keys securely, we need a secure and seamless way to integrate credential management into our Jenkins build pipelines. We are currently using Netwrix Password Secure and would prefer to continue using it for this purpose.

However, I couldn’t find any official Jenkins plugin or documentation for integrating Netwrix Password Secure directly into Jenkins.

Does Netwrix provide any official guidance or tooling to support such an integration? If not, are there recommended best practices or workarounds to access stored credentials securely from Jenkins pipelines?

Any pointers or experiences would be greatly appreciated.

Thanks in advance!

Best regards,
Lukas

Hey Lukas - great to see you back in the community - and apologies for the late reply!

You’re right, we currently don’t have official documentation, plugins, or tooling for integrating Netwrix Password Secure with Jenkins. That said, we do know of customers who have successfully implemented such setups.

A common approach is to use our SDK within the pipeline — for example, by invoking a PowerShell script during the build to securely retrieve credentials at runtime. This way, secrets never need to be stored in Jenkins directly and can be fetched just-in-time when needed. We can use API tokens for common M2M-authentication/authorization.

If you’re open to it, I’d be happy to connect directly and support you in building the integration… ideally something we could share with others in the community as well.

Thanks again for raising this - really valuable topic!

Cheers,
-sascha
