init
This commit is contained in:
ducoterra
15
.gitlab-ci.yml
Normal file
15
.gitlab-ci.yml
Normal file
@@ -0,0 +1,15 @@
|
||||
read_secrets:
|
||||
script:
|
||||
# Check job's ref name
|
||||
- echo $CI_COMMIT_REF_NAME
|
||||
# and is this ref protected
|
||||
- echo $CI_COMMIT_REF_PROTECTED
|
||||
# Vault's address can be provided here or as CI/CD variable
|
||||
- export VAULT_ADDR=https://vault.ducoterra.net
|
||||
# Authenticate and get token. Token expiry time and other properties can be configured
|
||||
# when configuring JWT Auth - https://www.vaultproject.io/api/auth/jwt#parameters-1
|
||||
- export VAULT_TOKEN="$(vault write -field=token auth/jwt/login role=myproject-production jwt=$CI_JOB_JWT)"
|
||||
# Now use the VAULT_TOKEN to read the secret and store it in environment variable
|
||||
- export PASSWORD="$(vault kv get -field=password secret/myproject/production/db)"
|
||||
# Use the secret
|
||||
- echo $PASSWORD
|
||||
Reference in New Issue
Block a user