Skip to content

Instantly share code, notes, and snippets.

@3ng1n33r

3ng1n33r/.gitlab-ci.yml

Last active November 18, 2023 10:59
Show Gist options
  • Save 3ng1n33r/218a51d654da7a49804acb9afbb4297f to your computer and use it in GitHub Desktop.
Save 3ng1n33r/218a51d654da7a49804acb9afbb4297f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
.gitlab-ci.yml
stages:
- vault
read_secrets:
stage: vault
image: hashicorp/vault:1.14
variables:
VAULT_ADDR: https://vault.default.svc.cluster.local:8200
VAULT_SKIP_VERIFY: 'true'
VAULT_AUTH_ROLE: myproject-production
id_tokens:
VAULT_ID_TOKEN:
aud: https://vault.default.svc.cluster.local:8200
script:
- echo $CI_COMMIT_REF_NAME
- echo $CI_COMMIT_REF_PROTECTED
- export VAULT_TOKEN="$(vault write -field=token auth/jwt/login role=$VAULT_AUTH_ROLE jwt=$VAULT_ID_TOKEN)"
- export PASSWORD="$(vault kv get -field=password secret/myproject/production/db)"
- echo $PASSWORD
- export STAGING_PASSWORD="$(vault kv get -field=password secret/myproject/staging/db)"
- echo $STAGING_PASSWORD
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment