HashiCorp Vault secrets in CI jobs as variables

From wikieduonline
Jump to navigation Jump to search

Use HashiCorp Vault secrets in CI jobs as variables [1] [2]


Configuration

  • VAULT_SERVER_URL - The URL of your Vault server, such as https://vault.example.com:8200. Required.
  • VAULT_AUTH_ROLE - (Optional) The role to use when attempting to authenticate. If no role is specified, Vault uses the default role specified when the authentication method was configured.
  • VAULT_AUTH_PATH - (Optional) The path where the authentication method is mounted, default is jwt.

Usage

secrets:
  DATABASE_PASSWORD:
    vault: production/db/password@ops  # translates to secret `ops/data/production/db`, field `password`


Related commands

See also

  • https://about.gitlab.com/releases/2020/09/22/gitlab-13-4-released/#use-hashicorp-vault-secrets-in-ci-jobs
  • https://docs.gitlab.com/ee/ci/secrets/
  • Advertising: