Jenkins Integration

Modernize Jenkins security with TigerAccess credential provider plugin for dynamic secrets, pipeline access control, and secure build authorization with comprehensive audit logging.

View Documentation Request Demo

Features

Secure Jenkins CI/CD Pipelines

Eliminate static credentials and secure your Jenkins infrastructure with dynamic access control.

Credential Provider Plugin

Native Jenkins plugin for dynamic secret injection into pipelines without storing credentials.

Pipeline Access Control

Secure access to SSH nodes, databases, and Kubernetes clusters during build and deployment jobs.

Certificate-Based Authentication

Replace static credentials with short-lived SSH certificates for secure node access.

Comprehensive Audit Logging

Track every credential access, command execution, and pipeline activity with detailed audit trails.

Capabilities

Enterprise-Grade Jenkins Security

Dynamic credential injection

SSH certificate authentication

Database access for migrations

Kubernetes deployment access

Docker registry authentication

Cloud provider credentials

Git SSH key management

Secret rotation automation

Build node authorization

Pipeline approval workflows

Job-level access policies

Comprehensive audit trails

Setup

Get Started in Minutes

Follow these simple steps to integrate TigerAccess with your Jenkins infrastructure.

Install TigerAccess Plugin

Install the TigerAccess credential provider plugin from the Jenkins plugin manager or manually upload the HPI file.

# Download plugin
curl -O https://releases.tigeraccess.com/jenkins/tigeraccess-plugin.hpi

# Install via Jenkins CLI
java -jar jenkins-cli.jar -s http://localhost:8080/ \
  install-plugin tigeraccess-plugin.hpi

# Restart Jenkins
java -jar jenkins-cli.jar -s http://localhost:8080/ safe-restart

Configure TigerAccess Connection

Configure the Jenkins plugin to connect to your TigerAccess auth service using a bot token.

# Create Jenkins bot in TigerAccess
tacctl bots add jenkins-bot \
  --roles=jenkins-user \
  --ttl=8760h

# Configure in Jenkins System Settings
# Navigate to: Manage Jenkins > Configure System > TigerAccess
# - Auth Server: https://auth.example.com:3025
# - Bot Token: (paste token from above)
# - Enable Audit Logging: true

Use in Pipeline

Access TigerAccess credentials in your Jenkinsfile using the credentials binding plugin.

pipeline {
  agent any
  stages {
    stage('Deploy') {
      steps {
        // Database access
        withCredentials([tigerAccessDB(
          credentialsId: 'postgres-prod',
          usernameVariable: 'DB_USER',
          passwordVariable: 'DB_PASS'
        )]) {
          sh 'flyway migrate -url=jdbc:postgresql://db:5432/app'
        }

        // Kubernetes access
        withCredentials([tigerAccessKube(
          credentialsId: 'prod-cluster',
          kubeconfigVariable: 'KUBECONFIG'
        )]) {
          sh 'kubectl apply -f deployment.yaml'
        }
      }
    }
  }
}

Use Cases

Real-World Jenkins Scenarios

Secure Database Migrations

Grant Jenkins pipelines just-in-time access to production databases for migrations with automatic credential rotation and full audit logging of all queries.

Kubernetes Deployments

Provide time-limited kubectl access to production clusters during deployment jobs with role-based restrictions and session recording.

Multi-Cloud CI/CD

Inject dynamic AWS, Azure, and GCP credentials into pipelines without storing long-lived secrets in Jenkins, with automatic expiration after job completion.

Compliance & Auditing

Meet SOC 2 and compliance requirements with comprehensive audit trails of all credential access, including who, what, when, and why for every pipeline execution.

FAQ

Frequently Asked Questions

Does TigerAccess replace Jenkins credentials?

Yes. The TigerAccess plugin acts as a credential provider, dynamically generating short-lived credentials on-demand. You can phase out static credentials stored in Jenkins and replace them with TigerAccess-managed access.

How does the plugin authenticate with TigerAccess?

The plugin uses a Jenkins bot identity with a long-lived token stored securely in Jenkins. This bot can request short-lived credentials for specific resources on behalf of pipeline jobs, with all access tied to the job context for audit purposes.

Can I use TigerAccess with Jenkins agents?

Yes. Jenkins agents can authenticate to build nodes using SSH certificates issued by TigerAccess instead of static SSH keys. This provides automatic rotation, revocation, and comprehensive audit logging of all agent connections.

What happens if TigerAccess is unavailable?

The plugin supports caching of recently issued credentials with configurable TTL. In degraded mode, cached credentials can be used for critical pipelines. You can also configure fallback to traditional Jenkins credentials for high-availability scenarios.

How are pipeline secrets audited?

Every credential request is logged with the Jenkins job name, build number, requesting user, resource accessed, and timestamp. TigerAccess can also record the actual commands executed with those credentials for complete auditability.

Ready to Secure Your Infrastructure?

Join thousands of security-conscious teams using TigerAccess to protect their critical infrastructure and AI agents.

Start Free Trial Contact Sales

No credit card required • 14-day free trial • Enterprise support available