Difference between revisions of "HashiCorp Vault secrets in CI jobs as variables"

Latest revision as of 08:37, 14 March 2021

Use HashiCorp Vault secrets in CI jobs as variables ^[1] ^[2]

VAULT_SERVER_URL - The URL of your Vault server, such as https://vault.example.com:8200. Required.
VAULT_AUTH_ROLE - (Optional) The role to use when attempting to authenticate. If no role is specified, Vault uses the default role specified when the authentication method was configured.
VAULT_AUTH_PATH - (Optional) The path where the authentication method is mounted, default is jwt.

secrets:
  DATABASE_PASSWORD:
    vault: production/db/password@ops  # translates to secret `ops/data/production/db`, field `password`

@@ Line 1: / Line 1: @@
-** Use [[HashiCorp Vault secrets in CI jobs as variables]] <ref>https://about.gitlab.com/releases/2020/09/22/gitlab-13-4-released/#use-hashicorp-vault-secrets-in-ci-jobs</ref> <ref>https://docs.gitlab.com/ee/ci/secrets/</ref>
+Use [[HashiCorp Vault]] secrets in CI jobs as variables <ref>https://about.gitlab.com/releases/2020/09/22/gitlab-13-4-released/#use-hashicorp-vault-secrets-in-ci-jobs</ref> <ref>https://docs.gitlab.com/ee/ci/secrets/</ref>
+== Configuration ==
+* VAULT_SERVER_URL - The URL of your Vault server, such as https://vault.example.com:8200. Required.
+* VAULT_AUTH_ROLE - (Optional) The role to use when attempting to authenticate. If no role is specified, Vault uses the default role specified when the authentication method was configured.
+* VAULT_AUTH_PATH - (Optional) The path where the authentication method is mounted, default is jwt.
+== Usage ==
+ [[secrets]]:
+   DATABASE_PASSWORD:
+     vault: production/db/password@ops  # translates to secret `ops/data/production/db`, field `password`
+== Related commands ==
+* <code>[[vault policy write]]</code>
+* <code>[[vault auth enable jwt]]</code>
+* <code>[[vault write auth/jwt/config]]</code>
 == See also ==
 * {{GitLab}}
+[[Category:Vault]]
+[[Category:GitLab]]