Securing Agents with TLS in Jenkins

1. Introduction

CI/CD pipelines handle source code, credentials and build artifacts, so the links between their components need protecting. This lesson focuses on securing Jenkins agents using Transport Layer Security (TLS), so that communication between the Jenkins master and its agents is encrypted and secure.

2. Understanding TLS

Transport Layer Security (TLS) is a cryptographic protocol that secures data in transit between two applications communicating over a network such as the Internet.

Key concepts include:

  • Encryption: Protects data from eavesdropping.
  • Integrity: Ensures data is not tampered with during transmission.
  • Authentication: Confirms the identity of communicating parties.

3. Configuring TLS in Jenkins

Follow the steps below to configure TLS for Jenkins agents:

3.1 Generate SSL Certificates

Generate a self-signed certificate or obtain one from a Certificate Authority (CA). Below is a command for generating a self-signed certificate using OpenSSL:

openssl req -newkey rsa:2048 -nodes -keyout jenkins.key -x509 -days 365 -out jenkins.crt

3.2 Configure Jenkins Master

On the Jenkins master, configure the HTTPS settings:

  1. Navigate to Manage Jenkins > Configure System.
  2. Under Jenkins Location, set the Jenkins URL to use `https://`.
  3. Specify the path to the keystore with the certificate.
  4. Restart Jenkins to apply changes.

3.3 Configure Jenkins Agents

On each Jenkins agent, configure the Jenkins URL to point to the master using HTTPS:

JENKINS_URL=https://your-jenkins-master:8080
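
Steps 3.1 to 3.3 as one script, added here as an example (it is not part of the original lesson or of Jenkins itself): it creates the certificate non-interactively with a subjectAltName, bundles it into a PKCS#12 keystore, and checks hostname match and remaining validity. The function names, the `jenkins.p12` file name, the `HOST` and `KEYSTORE_PASS` variables and the demo password are assumptions.

```shell
#!/bin/sh
# Added example: names, paths and the demo password below are constructed values.
set -eu

# make_cert <host> <dir>: self-signed cert as in step 3.1, non-interactive, with a
# subjectAltName so clients that verify the hostname accept it (OpenSSL 1.1.1+).
make_cert() {
  openssl req -newkey rsa:2048 -nodes -x509 -days 365 \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
    -keyout "$2/jenkins.key" -out "$2/jenkins.crt" 2>/dev/null
  chmod 600 "$2/jenkins.key"   # private key readable by its owner only
}

# make_keystore <dir>: bundle key + cert into a PKCS#12 keystore for step 3.2.
# The password is read from $KEYSTORE_PASS so it never appears on a command line.
make_keystore() {
  openssl pkcs12 -export -name jenkins \
    -inkey "$1/jenkins.key" -in "$1/jenkins.crt" \
    -out "$1/jenkins.p12" -passout env:KEYSTORE_PASS
  chmod 600 "$1/jenkins.p12"
}

# check_cert <crt> <host> <days>: succeed only if the certificate matches <host>
# and is still valid <days> days from now.
check_cert() {
  match=$(openssl x509 -in "$1" -noout -checkhost "$2")
  case "$match" in
    *"does match"*) ;;
    *) return 1 ;;
  esac
  openssl x509 -in "$1" -noout -checkend "$(( $3 * 86400 ))" >/dev/null
}

# Demo run in a scratch directory.
HOST=${HOST:-your-jenkins-master}
KEYSTORE_PASS=${KEYSTORE_PASS:-constructed-demo-password}
export KEYSTORE_PASS
dir=$(mktemp -d)
make_cert "$HOST" "$dir"
make_keystore "$dir"
if check_cert "$dir/jenkins.crt" "$HOST" 30; then
  echo "ok: $dir/jenkins.crt matches $HOST and is valid for 30+ days"
else
  echo "FAIL: hostname mismatch or certificate expiring soon" >&2
fi
```

Because this certificate is self-signed, each agent's JVM must have `jenkins.crt` imported into its truststore before it will accept the HTTPS connection to the master. Running `check_cert` on a schedule with a 30-day window gives early warning for the renewal practice listed in section 4.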

4. Best Practices

  • Regularly update and renew SSL certificates.
  • Use strong encryption algorithms and key lengths.
  • Monitor security logs for unauthorized access attempts.
  • Implement a firewall to restrict access to Jenkins agents.

5. FAQ

What is TLS?

TLS is a protocol that provides privacy and data integrity between two communicating applications.

Do I need a certificate from a CA?

A self-signed certificate can be used for testing, but for production environments, a certificate from a trusted CA is recommended.

How can I check if TLS is working?

Use tools like curl or OpenSSL to test the connection to the Jenkins server.