Buildkite
The Buildkite Integration provides SailPoint Entro with continuous, read-only visibility into your CI/CD pipelines, builds, and associated secrets. It enables detection of misconfigurations, exposed tokens, and insecure variable management within Buildkite environments.
Navigation Path
Management → Accounts & Integrations → Add New Account (top right) → Buildkite
Purpose
Buildkite pipelines often store sensitive information such as:
- API keys and environment variables in build configurations
- Repository credentials used for code fetch and deployment
- Access tokens stored in pipeline or agent-level secrets
SailPoint Entro scans these securely to detect exposed secrets before they can be exploited.
Supported Resources
Once connected, SailPoint Entro analyzes:
-
Pipelines and build definitions
-
Environment variables and secret metadata
-
Agent and job configurations
-
Build logs and annotations metadata (where accessible via API)
Architecture
┌───────────────────────────────┐
│ Entro Security Cloud │
│ (Secret Detection Engine) │
└──────────────┬────────────────┘
│ HTTPS (TLS 1.2+)
▼
┌───────────────────────────────┐
│ Buildkite Cloud │
│ (Pipelines, Builds, Secrets) │
└───────────────────────────────┘
SailPoint Entro connects to Buildkite through a Personal Access Token (PAT) with read-only permissions.
Security Model
- All connections occur over HTTPS/TLS 1.2+
- Access tokens are AES-256 encrypted at rest within SailPoint Entro
- No write, modification, or destructive actions are performed
- Tokens can be revoked anytime from the Buildkite user settings
- Full audit logging available in SailPoint Entro’s event logs
Integration Flow
-
Generate a Personal Access Token (PAT) in Buildkite
Create a PAT in Buildkite with read-only permissions to allow SailPoint Entro to access pipeline and build metadata.
-
Enter the token in SailPoint Entro’s onboarding form
Provide the PAT in the SailPoint Entro UI when adding the Buildkite account.
-
SailPoint Entro validates the connection and begins scanning metadata
SailPoint Entro confirms connectivity and starts analyzing pipelines, variables, and available logs.
-
Findings appear in the SailPoint Entro Console
Scan results show file paths, risk levels, and remediation steps for any detected issues.