GitHub as the source of truth for configuration in Jamf Pro

To provide the most effective oversight of your organization’s Mac devices, IT administrators design and build the configuration of Jamf Pro tailored to your personal policies and requirements based on what you want to achieve.

But while setting the specific configuration parameters for your company requires a knowledge of background information and shared decision-making, over time the context and reasoning for this critical information can be lost or overlooked.

In this JNUC 2021 session, Hiroshi Ishikawa, corporate engineer of Japan-based note inc., discusses how his company uses a GitHub repository to save their configuration files and automatically deploy them to Jamf Pro.

Read on to learn how note inc. has made change management and version control of configuration files possible, maintaining a “source of truth” to support proper decision-making and IT governance.

Establishing safety and security

Ishikawa explains that note inc., established in Tokyo in 2011, is a C2C content creation platform which currently has 130 employees and 47 million monthly active users. For customers, it’s important to provide safety and security for both content assets and personal information associated with accounts.

With Jamf Pro, the company can also create efficient workspaces for their employees while enforcing security policies, such as encryption of the local volume, automatic install of EDR during setup and remote wipe of data in case of loss.

The configuration design and setup of this administration tool will inevitably change over time, whether from external growth or internal changes. To provide the strongest device governance, it’s crucial to capture and manage this information.

Challenges in information control

Ishikawa discusses issues challenging the proper control of configuration information:

• Dispersion – Pieces of information may be in many different locations
• Context – Often only the original designers know the reason for decisions
• Design – It’s tempting to dive into using the Jamf Pro dashboard without documenting it
• Settings – Jamf Pro’s detailed settings quickly lead to massive information storage

Change history shortcomings

A feature called “History” in Jamf Pro records setting changes within the system. But you can’t rely on History change logs to capture the details of all information needed.

For example, for Policies, the first setting you register is not recorded. For Scripts, management history is recorded, but not content changes. It’s also difficult to identify what exactly has changed and how, since only the current version is displayed.

Ishikawa says that to make governance work, we must manage the information related to Jamf Pro configuration values, including the change history, in a way that is easy to understand.

Information consolidation with GitHub

To address these issues, they aggregate the information on GitHub, consolidating the trusted sources and delivering the information beyond the tool’s boundaries.

By using the CI/CD function called GitHub Actions, they developed a pipeline to deploy configuration values via the Jamf Pro API.

The end result: a simplified workflow, the ability to share more information with others and a source of truth for Jamf Pro configuration files.