Objective: Fetch secrets from Infisical to Jenkins pipelines

In this guide, we’ll outline the steps to deliver secrets from Infisical to Jenkins via the Infisical CLI. At a high level, the Infisical CLI runs within your build environment and uses a machine identity to authenticate with Infisical. The token for that identity must be added as a Jenkins Credential and then passed to the Infisical CLI as an environment variable, so the CLI can access and retrieve secrets within your workflows.

Prerequisites:

  • Set up and add secrets to Infisical.
  • Create a machine identity (recommended) or a service token in Infisical.
  • You have a working Jenkins installation with the credentials plugin installed.
  • You have the Infisical CLI installed on your Jenkins executor nodes or container images.

The example provided above serves as an initial guide. It shows how Jenkins adds the INFISICAL_TOKEN environment variable, which is configured in the pipeline, into the shell for executing commands. There may be instances where this doesn’t work as expected in the context of running Docker commands. However, the list of working examples should provide some insight into how this can be handled properly.
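
One way the credential binding described in this guide can look in a declarative pipeline, including the Docker case where the variable has to be forwarded explicitly. This is an added example, not Infisical's own code; the credential ID `infisical-token`, the project ID placeholder, the `dev` environment, `./build.sh` and the `build-image` image are assumptions.

```groovy
// Added example (not from the original guide). Hypothetical names:
// credential ID 'infisical-token', project ID placeholder, env 'dev',
// ./build.sh, and the 'build-image' image (assumed to ship the Infisical CLI).
pipeline {
    agent any

    environment {
        // Bind a "Secret text" Jenkins credential to the variable the
        // Infisical CLI reads. Jenkins masks the bound value in console output.
        INFISICAL_TOKEN = credentials('infisical-token')
        // Not a secret; replace with your own project ID.
        INFISICAL_PROJECT_ID = 'REPLACE_WITH_PROJECT_ID'
    }

    stages {
        stage('Build with secrets') {
            steps {
                // Single-quoted Groovy string: variables are resolved by the
                // shell at run time, so the token is never interpolated into
                // the command text that Jenkins records.
                sh 'infisical run --projectId="$INFISICAL_PROJECT_ID" --env=dev -- ./build.sh'
            }
        }

        stage('Build inside Docker') {
            steps {
                // A container does not inherit the agent's environment, so
                // the CLI inside it would find no token. `-e INFISICAL_TOKEN`
                // without a value forwards the variable by name, keeping the
                // token out of the docker command line.
                sh '''
                    docker run --rm \
                        -e INFISICAL_TOKEN \
                        build-image \
                        infisical run --projectId="$INFISICAL_PROJECT_ID" --env=dev -- ./build.sh
                '''
            }
        }
    }
}
```

Scoping the credential to the folder or job that needs it, rather than storing it globally, limits which pipelines can read the token.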