igor/vault-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
vault-test/.woodpecker.yml
igor ac4ac36360
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Details
Fix: use python3 instead of jq
2026-03-16 23:18:46 +00:00

25 lines
957 B
YAML
Raw Blame History

steps:
- name: fetch-secrets
image: hashicorp/vault:latest
environment:
VAULT_ADDR:
from_secret: vault_addr
VAULT_ROLE_ID:
from_secret: vault_role_id
VAULT_SECRET_ID:
from_secret: vault_secret_id
commands:
- export VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id=$VAULT_ROLE_ID secret_id=$VAULT_SECRET_ID)
- vault kv get -format=json projects/test/demo > /tmp/secrets.json
- python3 -c "import json; d=json.load(open('/tmp/secrets.json'))['data']['data']; f=open('.env.vault','w'); [f.write(f'export {k}={v}\n') for k,v in d.items()]"
- echo "Fetched secrets:"
- cat .env.vault
- name: use-secrets
image: alpine
commands:
- source .env.vault
- echo "APP_NAME=$APP_NAME"
- echo "DB_HOST=$DB_HOST"
- echo "DB_PASS length=$(echo -n $DB_PASS | wc -c) chars"
- echo "Secrets are available in any step via .env.vault"
Reference in a new issue View git blame Copy permalink