The DAP Jenkins plugin retrieves secrets from DAP for use in Jenkins pipeline code or Freestyle projects.


The conjur-credentials-plugin makes secrets stored in an existing DAP database available to Jenkins jobs. Jenkins jobs can authenticate to DAP and access specific secret values for which they have authorization. You store and manage the secrets in DAP.

We provide the plugin binary, which you install and configure on your Jenkins host.

On the DAP side, you load DAP policy that defines the following: 

  • One or multiple Jenkins hosts. For example, you might define separate hosts for each Jenkins pipeline.
  • Privileges for those hosts to authenticate to DAP.
  • DAP variables that will hold the secret values. Those secrets will be loaded and managed in DAP. For supported variable types, policy can define automatic rotation.
  • Privileges for Jenkins hosts to access the variables.

When all configurations are in place, Jenkins pipelines and projects simply reference a DAP variable using a configured Jenkins ID.


The DAP Jenkins integration provides the following advantages to Jenkins DevOps administrators:




Secret values are stored and obtained securely. Secrets are not exposed in Jenkins jobs or referenced files.

Central management

Secrets are managed in a central location, either in DAP or in the CyberArk Vault if you are using the Vault DAP Synchronizer.

Automatic rotation

Secret value rotations are recommended for security. DAP handles rotation so that no changes are required on the Jenkins side.

Segregation of duties

The plugin isolates Jenkins DevOps administrators from secrets management.


The plugin supports Jenkins scripts or projects. It supports global or folder-specific configurations.


The plugin simplifies Jenkins job and project creation by requiring only a reference ID to a secret.


You configure the plugin using the Jenkins UI, a familiar interface for Jenkins users.

In this section: