Introducing the Jenkins Plugin of the Month

The Jenkins ecosystem thrives because of its plugins.

With more than two thousand plugins available, Jenkins users can extend their automation platform in countless ways—integrating with tools, improving security, enhancing the user interface, or supporting new development workflows. Behind each plugin are maintainers and contributors who invest their time to build and support these extensions.

To highlight this work and help users discover useful functionality, we are introducing a new initiative on the Jenkins blog:

Each month, we will feature a Plugin of the Month.

The goal is to showcase plugins that provide valuable functionality for Jenkins users, highlight the work of their maintainers, and help the community discover capabilities they may not yet know about.

Sometimes the featured plugin will be widely used but underappreciated. Other times it may be a newer plugin that solves an interesting problem. In all cases, the focus is on highlighting contributions that strengthen the Jenkins ecosystem.

If you maintain or use a plugin that deserves more visibility, we welcome suggestions for future editions.

Our first featured plugin is the OIDC Provider Plugin.

This plugin allows Jenkins to act as an OpenID Connect (OIDC) provider so that external systems can securely authenticate using identities issued by Jenkins.

Instead of storing long-lived credentials or secrets inside Jenkins pipelines, systems can request short-lived tokens using the OIDC standard. This significantly reduces the need to manage and rotate static secrets.

Managing credentials and secrets in CI/CD pipelines can quickly become complex and risky. Long-lived access keys stored in configuration or credentials stores are a common attack vector.

By using OIDC-based authentication, Jenkins can issue short-lived identity tokens that external systems trust. This approach improves security while simplifying credential management.

This is especially useful when Jenkins pipelines interact with cloud providers such as:

Instead of storing cloud access keys in Jenkins, pipelines can authenticate using federated identity through OIDC.

The plugin is not limited to cloud providers. It can also be used to authenticate with internal services, such as a local Artifactory instance or other systems that support OIDC.

One of the biggest advantages of this approach is the ability to reduce or eliminate stored secrets in Jenkins pipelines.

Benefits include:

The Jenkins plugin ecosystem is one of the project’s greatest strengths. With the new Plugin of the Month series, we hope to highlight the innovation and dedication that plugin maintainers bring to the community.

Stay tuned for next month’s featured plugin — and if you have a favorite plugin you think should be highlighted, let us know.

Together, we continue to grow and strengthen the Jenkins ecosystem.