Provides Secrets stored in Vault as environment variables in buildkite pipeline
Only support KVV2 vault secrets backend.
Add the following to your pipeline.yml:
steps:
- command: ls
plugins:
- vj396/vault-secrets#v0.1.0:
image: 'vault' # optional. Defaults to https://hub.docker.com/_/vault
tag: "1.10.2" # optional. Defaults to 1.10.2
address: "http://vault-server:8200" # optional. plugin will error when VAULT_ADDR is also not in env.
token: "123ASda" # optional. plugin will error when VAULT_TOKEN is also not in env.
env:
MY_SECRET: secret/foo # where foo is the secret key
MY_OTHER_SECRET: secret/path/foo # Where secret/path is the vault path to the secret and foo is the secret keysteps:
- command: ls
plugins:
- vj396/vault-secrets#v0.1.0:
image: 'vault' # optional. Defaults to https://hub.docker.com/_/vault
tag: "1.10.2" # optional. Defaults to 1.10.2
address: "http://vault-server:8200" # optional. plugin will error when VAULT_ADDR is also not in env.
auth:
method: aws # optional. defaults to vault login method `aws`
role: example-role # optional. defaults to vault aws auth role `buildkite`
path: aws/custom/path # optional. Vault Auth backend path. defaults to `aws`
header: vault.service.consul # optional. Defaults to vault_addr server name
env:
MY_SECRET: secret/foo # where foo is the secret key
MY_OTHER_SECRET: secret/path/foo # Where secret/path is the vault path to the secret and foo is the secret keyvault kv put secrets/buildkite/test foo1=bar foo=bar
BUILDKITE_PLUGIN_VAULT_ENV_SECRETS_ENV_FOO1=secrets/buildkite/test/foo1 BUILDKITE_PLUGIN_VAULT_ENV_SECRETS_ENV_FOO=secrets/buildkite/test/foo BUILDKITE_JOB_ID=123 VAULT_TOKEN=$(cat ~/.vault-token) ./hooks/environment- Add vault auth support
- Fork the repo
- Make the changes
- Run the tests
- Commit and push your changes
- Send a pull request