Customers have installed this app in at least 13 active instances.
    by WindTunnel Technologies for Bamboo Server 6.4.0 - 7.0.4 and more versions
    Versions available for Bamboo Server 6.0.0 - 6.3.4
    Supported
    WindTunnel Technologies supports this app.


    Avoid leaking secrets through builds and deployments, have them securely managed external to Bamboo


    Link external secret managers

    Connect your Bamboo installation with any number of external secret managers. Azure Key Vault, HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager and CyberArk Conjur are supported.

    Easily reference secrets from variables

    Use a custom, compact syntax (%manager-name:secret-name%) to reference external secrets from global, plan or environment variables. Use it from Bamboo Specs to avoid credential exposure in source control.

    Have secrets automatically resolved

    Secrets are resolved ad hoc with their respective secret manager and injected during builds or deployments. Resolved values only exist in memory for as long as needed and are always obfuscated in the logs.

    More details

    Please read The Big Picture first, after which one of our Tutorials will get you started.

    The Secret Managers for Bamboo plugin allows connecting your Bamboo installation with any number of external secret managers. Azure Key Vault, HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager and CyberArk Conjur are supported.

    Managing your secrets centrally and outside your build infrastructure allows for better security and governance, and will aid with compliance.

    Once a connection is defined with a secret manager, an intuitive and compact syntax can be used to reference external secrets from Bamboo's global, plan or deployment variables. As secrets are regular Bamboo variables, the same principle applies to Bamboo Specs as well, avoiding credential exposure in source control.

    Furthermore, the plugin provides the following features vastly enhancing the security profile of your CI/CD pipelines:

    Happy to assist via our Support page.


    Reviews for server

    by Davide Trombini on 2020-05-15
    Nice and neat. However, I've a few comments about the Azure support:
    - it seems to be supporting only guid passwords.
    - it can report a successful connection even if the vault was removed.
    - since the support is done via variables, you cannot immediately know if the connection was actually successful during a build.
    - the link to the support page provided here in the overview doesn't seem to go anywhere.
    Nice work, although I believe it needs some improvements.
    WindTunnel Technologies

    Dear Davide,

    Thank you for your review. It is this kind of feedback that helps us to improve.

    - "it seems to be supporting only guid passwords": indeed, the password is checked against the GUID format as this is the default format used by Azure when generating a Service Principal. You are correct that this might be too restrictive, as it is possible to set the password to a non-GUID format as well. We will loosen this requirement in the next update.

    - "it can report a successful connection even if the vault was removed": the connection test is tricky, not bulletproof and of course different for each secret manager. We cannot make any assumptions about the rights of the Service Principal over the vault (e.g. it is not required and even advised against to give the SP list rights), and we don't know any of the secret names at that point. The connection test currently performs the following tests: 1. can I successfully request an access token from Azure for this SP?, and 2. can I successfully ping the vault base-url (e.g. https://vault-name.vault.azure.net)? When removing the vault but keeping the SP, the first test will obviously still hold. It is possible the vault base url is kept around for some time after deletion making the second test succeed as well. We'll see if we can come up with ways to improve this, or at least add this explanation in the documentation as well so it is clear that a successful connection test does not 100% imply successful secret resolution.

    - "since the support is done via variables, you cannot immediately know if the connection was actually successful during a build": I'm not sure if I fully understand, but I think it ties back to what I wrote in the previous point: if we could assume listing rights over the vault we could fetch the list of secrets at connection configuration time and see if we can read them. But as explained here and also in the documentation, for security reasons we do not want to assume these rights. Having said this, it is possible to immediately fail the build when a secret cannot be resolved by enabling this option in the plugin settings.

    - "the link to the support page provided here in the overview doesn't seem to go anywhere": we broke the link in the last update :-( Thank you for reporting, it has been fixed.

    Kind regards.


    Cloud Pricing

    Server Pricing

    Data Center Pricing

    Agents              Jobs             Price
    Local agents only   10 jobs          $10
    1 remote agent      Unlimited jobs   $49
    5 remote agents     Unlimited jobs   $99
    10 remote agents    Unlimited jobs   $399
    25 remote agents    Unlimited jobs   $899
    100 & up            Additional pricing details

    Pricing FAQ

    How does server app pricing work?

    Server products and apps are hosted on your servers. This app is sold as a perpetual license, and the purchase price includes 12 months of maintenance (support and version updates).

    You can renew maintenance after 12 months at 50% of the current purchase price. You can upgrade the tier of your Atlassian product and app licenses at any time. Upgrade prices are calculated based on Atlassian's formula (view example).

    If app pricing changes after your initial purchase, there's a 60-day grandfathering period during which you can renew based on the old pricing.

    How do I determine my server pricing?

    Apps are billed based on the number of users in your Atlassian product. The app tier should match the licensed user tier of the Atlassian product. For example, if you have a Confluence license for 500 users, you should purchase the 500-user tier for apps. Even if fewer users want to use the app than your Atlassian product license, the two licenses should match exactly.

    Can I install this app in a Data Center product?

    This app does not have a Data Center approved version. Only apps meeting a set of performance requirements for large, clustered environments are approved for Data Center.

    However, while server apps are built for single-server deployments, many customers successfully install them in Data Center products. If you're using a Data Center product, Atlassian recommends you contact the vendor to determine compatibility at scale.


    What type of license do I need if I'm using this app in a Data Center product?

    Because this app does not have a Data Center approved version, you should purchase a Server license if you decide to install this app in a Data Center product.


    Do you offer academic, community, or open-source licenses for server apps?

    For server apps, academic licenses are available at a 50% discount if you have an academic license for your Atlassian product.

    Community and open-source licenses are available for server apps. Learn more about community and open source licenses.

    Can I extend my free trial?

    For server apps, you can extend your app trial up to 5 times - in other words, for up to six months. Extend your trial by generating a new evaluation license key from Atlassian Marketplace. Click Try it free and you'll be directed to generate a new license. Paste this license key into the app listing in UPM from your Atlassian product, and you're all set.

    How can I buy apps for my legacy Jira Server or Confluence Server license?

    If you own a legacy Jira Server Unlimited (100+ users) or Confluence Server Unlimited (2000+ users) license purchased in 2012 or earlier, legacy app pricing is no longer available. You have two options for app purchasing:

    • Purchase the app at the non-legacy Unlimited (10000+ users) tier.
    • Renew your Jira or Confluence license at a non-legacy tier, then purchase the app at the same tier.


    WindTunnel Technologies provides support for this app.

    Vendor support resources

    Documentation

    Find out how this app works.

    See existing Q&A in Atlassian Community. Ask a question in the Atlassian Community.

    Atlassian-hosted discussions connect you to other customers who use this app.

    Versions

    Version 1.4.28, Bamboo Server 6.4.0 - 7.0.4, Released 2020-05-08

    Summary

    Support for CyberArk Conjur

    Details

    Initial support for CyberArk Conjur and the CyberArk Dynamic Access Provider (DAP).

    Installation

    1. Log into your Bamboo instance as an admin.
    2. Click the admin dropdown and choose Atlassian Marketplace. The Manage add-ons screen loads.
    3. Click Find new apps or Find new add-ons from the left-hand side of the page.
    4. Locate Secret Managers for Bamboo via search. The appropriate app version appears in the search results.
    5. Click Try free to begin a new trial or Buy now to purchase a license for Secret Managers for Bamboo. You're prompted to log into MyAtlassian. Secret Managers for Bamboo begins to download.
    6. Enter your information and click Generate license when redirected to MyAtlassian.
    7. Click Apply license. If you're using an older version of UPM, you can copy and paste the license into your Bamboo instance.

    To find older Secret Managers for Bamboo versions compatible with your instance, you can look through our version history page.
