Thycotic DevOps Secrets Vault

ID: thycotic-vault

This plugin allows access to the Thycotic Vault API to access secrets used in the build process. Use of the is plugin must be associated with a licensed version of the Thycotic Vault.


Additional examples are given in the DevOps Secrets Vault documentation

Usage in a pipeline script

node {
    // define the secret key value and the env variables the key matches the attribute name in the secret json. 
    // Only simple json types are supported for the secret value.
    def secretValues = [
        [$class: 'ThycoticSecretValue', key: 'password', envVar: 'secret']
    // define the path to the secret stored in DevOps Secrets Vault
    def secrets = [
        [$class: 'ThycoticSecret', path: 'path/to/your/secret', secretValues: secretValues]

    // set the jenkins credential id used to connect to the vault
    def configuration = [$class: 'DevOpsSecretsVaultConfiguration',
                       thycoticCredentialId: '"dsv-auth-credentials"']

    // instantiate the build wrapper to access the populated environment variables
    wrap([$class: 'ThycoticVaultBuildWrapper', configuration: configuration, thycoticVaultSecrets: secrets]) {
        echo "my secret is $secret"


Currently this plugin only supports json formatted secrets within the vault. The secret data values must be simple json types, complex types such as arrays are not currently supported.

Supported by the plugin

    "id": "0a71c5c0-5198-4c17-b2e3-c9e8703ef03d",
    "path": "path:to:secret",
    "data": {
        "password": "somepassword1",
        "username": "someuser"

Not supported

    "id": "0a71c5c0-5198-4c17-b2e3-c9e8703ef03d",
    "path": "path:to:secret",
    "data": {
        "password": ["somepassword1", "somepassword2"],
        "username": "someuser"

Building and Running

This plugin requires the use of Java 8 along with Maven 3.5+

Helpful Commands

  • Create plugin - mvn clean install
  • Run tests - mvn clean test
  • Run Plugin Locally - mvn hpi:run


This plugin was adapted from the Vault plugin originally authored by Peter Tierno.

ArchivesGet past versions
Version: 1.0.4
Requires Jenkins 2.60.3
Installs: 11
This plugin has no labels
Help us improve this page!
To propose a change submit a pull request to the plugin page on GitHub.