Created July 22, 2023 16:15
We use GitLab's CI/CD pipeline and Vault to secure our environment variables.
This is a 3-hour job: reconfigure a HashiCorp Vault, point GitLab to the new Vault address, and
populate Vault with the environment variables.
We will provide the HashiCorp Vault.
Here is the GitLab script.
script:
  - echo "Branch Name - ${ENVIRONMENT}"
  - apk add jq
  - export VAULT_NAMESPACE="admin/$ENVIRONMENT"
  - export VAULT_AUTH_ROLE="$ENVIRONMENT"
  # Authenticate and get a token. Token expiry time and other properties can be configured.
  - export VAULT_TOKEN="$(vault write -field=token auth/jwt/login role="$VAULT_AUTH_ROLE" jwt="$CI_JOB_JWT")"
  # Use the VAULT_TOKEN to read the secret and append its key=value pairs to build.env.
  - vault kv get -format json newmiddleware/ssh-key | jq -r '.data.data | to_entries | map("\(.key)=\(.value|tostring)") | .[]' >> build.env
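
The last script line writes every Vault value verbatim as key=value, so a multi-line value (likely for a secret named ssh-key) or a key containing "=" or a newline would change what build.env defines. The following is an added example, not part of the original script: a stricter converter for the same `vault kv get -format json` output. The function name, the file name kv2_to_dotenv.py and the sample data are assumptions constructed for illustration.

```python
import json
import re
import sys

# Names accepted as dotenv / shell variable names.
_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

# Constructed samples shaped like KV v2 `vault kv get -format json` output.
SAMPLE = json.dumps({"data": {"data": {"DEPLOY_USER": "ci", "PORT": 22},
                              "metadata": {"version": 3}}})
MULTILINE = json.dumps({"data": {"data": {
    "SSH_KEY": "constructed-line-1\nconstructed-line-2"}}})
BAD_KEY = json.dumps({"data": {"data": {"A=1\nB": "x"}}})


def kv2_to_dotenv(vault_json: str) -> list[str]:
    """Return KEY=value lines for a KV v2 secret, or raise ValueError.

    Refuses anything that build.env would parse differently from what
    is stored in Vault. Error messages name the key, never the value.
    """
    secret = json.loads(vault_json)["data"]["data"]
    lines = []
    for key, value in secret.items():
        if not _NAME.match(key):
            raise ValueError(f"key {key!r} is not a valid variable name")
        if not isinstance(value, str):
            # Same result as jq's `tostring` for non-string values.
            value = json.dumps(value, separators=(",", ":"))
        if "\n" in value or "\r" in value:
            raise ValueError(f"value of {key!r} spans multiple lines")
        lines.append(f"{key}={value}")
    return lines


if __name__ == "__main__":
    # Usage in the job (file name is hypothetical):
    #   vault kv get -format json newmiddleware/ssh-key \
    #     | python3 kv2_to_dotenv.py >> build.env
    try:
        print("\n".join(kv2_to_dotenv(sys.stdin.read())))
    except ValueError as err:
        sys.exit(f"refusing to write build.env: {err}")
```

A multi-line secret such as a private key is better stored base64-encoded in Vault, or written to its own file with restrictive permissions, than forced into key=value form.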