-4

So for a schoolproject we want to use Jenkins. During the installation, Jenkins asks for service logon credentials (local/ domain accountname and the password for the account). This raised a question in the group wether Jenkins is safe to use or not, because you are giving away sensitive information.

So is Jenkins safe to use? Could somebody also give a explanation why it is safe to use (How it works exactly)

Henk Bembom
  • 1
  • 1
  • 3
    What kind of "sensitive information" are you giving away? You define an new account for Jenkins during installation. Those are unrelated to any other account you (or your anyone in your group) is using. –  Apr 19 '21 at 09:37

1 Answers1

1

Read Securing Jenkins

Create a service account (needs logonasservice) as explained here for the controller.

Have a separate account to run the agents under. Use a third to access the source control system (use credentials plugin).

Your admins can restrict where the accounts can run and what privileges the have. Do NOT run as system or root (inside Docker is OK) and it's fine.

Ian W
  • 4,559
  • 2
  • 18
  • 37