Difference between revisions of "HashiCorp Vault secrets in CI jobs as variables"

From wikieduonline
 
(2 intermediate revisions by the same user not shown)
Line 12: Line 12:
 
   DATABASE_PASSWORD:
 
   DATABASE_PASSWORD:
 
     vault: production/db/password@ops  # translates to secret `ops/data/production/db`, field `password`
 
     vault: production/db/password@ops  # translates to secret `ops/data/production/db`, field `password`
 +
 +
 +
== Related commands ==
 +
* <code>[[vault policy write]]</code>
 +
* <code>[[vault auth enable jwt]]</code>
 +
* <code>[[vault write auth/jwt/config]]</code>
  
 
== See also ==
 
== See also ==
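
Review bot: the three entries added under == Related commands == are bare links, with nothing in the hunk saying what each one contributes to the CI integration or in which order to run them. The list starts with vault policy write and ends with vault write auth/jwt/config, which can only be written after vault auth enable jwt has mounted the method, so a short description per entry and an explicit order would help. The hunk also adds more than one blank line ahead of the new heading; one is enough.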

Latest revision as of 08:37, 14 March 2021

Use HashiCorp Vault secrets in CI jobs as variables [1] [2]


Configuration

  • VAULT_SERVER_URL - The URL of your Vault server, such as https://vault.example.com:8200. Required.
  • VAULT_AUTH_ROLE - (Optional) The role to use when attempting to authenticate. If no role is specified, Vault uses the default role specified when the authentication method was configured.
  • VAULT_AUTH_PATH - (Optional) The path where the authentication method is mounted, default is jwt.

Usage

secrets:
  DATABASE_PASSWORD:
    vault: production/db/password@ops  # translates to secret `ops/data/production/db`, field `password`
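
The shorthand above resolves to a KV v2 path, and that path is what the CI role's Vault policy has to allow. The following is an added example, not part of the original page or of GitLab's code: it parses the shorthand, builds the read URL from VAULT_SERVER_URL, and emits a read-only policy for that single secret. The function names are hypothetical, and the fallback mount `kv-v2` for a shorthand without `@` is an assumption not stated on this page.

```python
# Added example (not from the original page): resolve the secrets:vault shorthand.
from typing import NamedTuple

DEFAULT_MOUNT = "kv-v2"  # assumption: mount used when the shorthand has no "@mount"


class VaultRef(NamedTuple):
    mount: str  # secrets engine mount, e.g. "ops"
    path: str   # secret path inside the mount, e.g. "production/db"
    field: str  # key inside the secret, e.g. "password"

    @property
    def api_path(self) -> str:
        # KV v2 inserts "data/" between the mount and the secret path.
        return f"{self.mount}/data/{self.path}"


def parse_shorthand(value: str) -> VaultRef:
    """Split `<path>/<field>@<mount>` into its three parts, rejecting odd input."""
    body, at, mount = value.strip().partition("@")
    mount = mount.strip("/") if at else DEFAULT_MOUNT
    path, slash, field = body.strip("/").rpartition("/")
    if not (mount and slash and path and field):
        raise ValueError(f"expected <path>/<field>[@<mount>], got {value!r}")
    for seg in (mount + "/" + path).split("/"):
        # Relative or glob segments would make the resulting policy path ambiguous.
        if seg in ("", ".", "..") or "*" in seg or "+" in seg:
            raise ValueError(f"unsafe path segment {seg!r} in {value!r}")
    return VaultRef(mount, path, field)


def read_url(server_url: str, ref: VaultRef) -> str:
    """URL a KV v2 read of this secret goes to (server_url is VAULT_SERVER_URL)."""
    return f"{server_url.rstrip('/')}/v1/{ref.api_path}"


def read_policy(ref: VaultRef) -> str:
    """Smallest Vault policy that lets a CI role read this one secret."""
    return f'path "{ref.api_path}" {{\n  capabilities = ["read"]\n}}\n'


if __name__ == "__main__":
    ref = parse_shorthand("production/db/password@ops")  # value from the page
    print(ref, read_url("https://vault.example.com:8200", ref), sep="\n")
    print(read_policy(ref))
```

The policy text can be saved to a file and loaded with `vault policy write`, so the CI role is scoped to the one secret the job declares.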


Related commands

  • vault policy write
  • vault auth enable jwt
  • vault write auth/jwt/config

See also

  • https://about.gitlab.com/releases/2020/09/22/gitlab-13-4-released/#use-hashicorp-vault-secrets-in-ci-jobs
  • https://docs.gitlab.com/ee/ci/secrets/