Conjur Answers Call for Jenkins Security with New Architecture
August 25, 2015 | DevOps | joanna mastrocola
New Conjur Deployment Server Reference Architecture Secures Releases of Artifacts and Enables Auditability
WALTHAM, Mass. – Aug. 25, 2015 – Conjur, Inc., the leading provider of security orchestration software, released a new Deployment Server Reference Architecture that secures Jenkins, the popular build and continuous integration tool. The new architecture separates the build and release machines, enforces the security of each new release of code and makes the entire process auditable.
“Jenkins provides collaborative and transparent continuous delivery but it can be difficult to control access and manage secrets required for production deployments,” said Chris Farnham, Director, Engineering at Kyruus, Inc., a leading provider of patient access and referral management solutions. “Conjur manages secrets and provides powerful privilege access capabilities that improve Jenkins’ security and compliance.”
Traditionally, DevOps teams address security and auditability concerns by running multiple Jenkins masters, adding Jenkins plugins and creating a dedicated “Jenkins” Management team. Conjur’s new Deployment Server Reference Architecture splits continuous integration and deployment. The Reference Architecture keeps the release machine and the build machine separate, so that a Jenkins job cannot publish the artifact itself. Instead, the Jenkins job has to interact with a separate release server, which will have the right credentials to publish to various destinations (e.g., RubyGems.org, Heroku, Docker Hub, etc.), but does not have the ability to build artifacts or modify them in any way.
“Jenkins powers your continuous integration through collaboration and visibility,” said Mitch Haile, Vice President of Products at Conjur. “However, Jenkins doesn’t provide access controls for deploying artifacts into production. Conjur eliminates the need to maintain secrets manually while providing powerful privilege access capabilities that enable Jenkins security and compliance. By adopting the Conjur Reference Architecture, enterprises eliminate the bottleneck in their deployment pipeline, while securing the entire system, and ultimately become more responsive to the needs of the business.”
The benefits of adopting the new architecture include:
- Secure Login: Both Web and SSH login are powered by Conjur via the industry standard PAM system
- Secure Secrets: Secrets that are used by Jenkins jobs are secure, organized and kept off the hard drive at all times
- Production-Ready Artifacts: Artifacts produced by Jenkins are highly verified and trustworthy
The new architecture is available immediately at: http://info.conjur.net/live-demo-conjur.
For the blog, “Why Continuous Integration and Continuous Delivery Are Not the Same,” visit:
For more information on Conjur and Jenkins, visit: http://www.conjur.net/solutions/jenkins.
About Conjur, Inc.
Conjur provides security orchestration software to manage, enforce and audit infrastructure applications with modern IT systems including Chef, Docker, Jenkins, Amazon Web Services, Open Stack, Cloud Foundry, Microsoft Azure and Puppet Labs. The company provides best practice reference architectures and standards based Open Source tools so that security best practices can become part of every software development activity and IT environment. Clients include Netflix, Genome Bridge, OpenDNS and Rally Software, among others. Founded in 2012, Conjur is based in Waltham, Massachusetts. Investors include Avalon Partners, Amplify Partners and Andy Palmer (Founder of Koa Labs). Visit: www.conjur.net and follow @conjurinc.