parent
2fb88109aa
commit
56d8990077
1 changed files with 13 additions and 6 deletions
|
|
@ -1,5 +1,5 @@
|
||||||
steps:
|
steps:
|
||||||
- name: test-vault
|
- name: fetch-secrets
|
||||||
image: hashicorp/vault:latest
|
image: hashicorp/vault:latest
|
||||||
environment:
|
environment:
|
||||||
VAULT_ADDR:
|
VAULT_ADDR:
|
||||||
|
|
@ -9,9 +9,16 @@ steps:
|
||||||
VAULT_SECRET_ID:
|
VAULT_SECRET_ID:
|
||||||
from_secret: vault_secret_id
|
from_secret: vault_secret_id
|
||||||
commands:
|
commands:
|
||||||
- echo "=== Authenticating with Vault via AppRole ==="
|
|
||||||
- export VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id=$VAULT_ROLE_ID secret_id=$VAULT_SECRET_ID)
|
- export VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id=$VAULT_ROLE_ID secret_id=$VAULT_SECRET_ID)
|
||||||
- echo "Auth successful"
|
- vault kv get -format=json projects/test/demo | jq -r '.data.data | to_entries[] | "export \(.key)=\(.value)"' > .env.vault
|
||||||
- echo "=== Reading secrets from projects/test/demo ==="
|
- echo "Fetched secrets:"
|
||||||
- vault kv get projects/test/demo
|
- cat .env.vault
|
||||||
- echo "=== Vault integration works! ==="
|
|
||||||
|
- name: use-secrets
|
||||||
|
image: alpine
|
||||||
|
commands:
|
||||||
|
- source .env.vault
|
||||||
|
- echo "APP_NAME=$APP_NAME"
|
||||||
|
- echo "DB_HOST=$DB_HOST"
|
||||||
|
- echo "DB_PASS length=$(echo -n $DB_PASS | wc -c) chars"
|
||||||
|
- echo "Secrets are available in any step via .env.vault"
|
||||||
|
|
|
||||||
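Review bot: The added `cat .env.vault` in the fetch-secrets step prints every value read from projects/test/demo into the build log, where anyone who can view pipeline output can read it; drop that line or log only the key names. The jq filter writes `export \(.key)=\(.value)` unquoted, so when use-secrets runs `source .env.vault` a value containing spaces, `$`, backticks or `;` is split or evaluated by the shell; `"export \(.key)=\(.value|@sh)"` would quote each value for the shell. In use-secrets, `echo "DB_HOST=$DB_HOST"` and the DB_PASS length line also send secret-derived data to the log. The file stays in plaintext in the workspace shared between steps, so set a restrictive umask before writing it and delete it after the last step that needs it.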