Go To All Steps
Codefresh Steps: Reusable Code for Common Operations
This page provides code you can use to perform common operations in the Codefresh CI/CD platform.
304.2K

Fetch secrets from Hashicorp Vault vault

Read secrets from Hashicorp Vault inside a Codefresh pipeline.

arguments

  • APPROLE_ROLE_ID - Vault AppRole Role ID. Required if auth method is APPROLE
  • APPROLE_SECRET_ID - Vault AppRole Secret ID. Required if auth method is APPROLE
  • VAULT_ADDR - Vault server URI. Example: https://vault.testdomain.io:8200 (required)
  • VAULT_AUTH_METHOD - Vault authentication method. Valid options: APPROLE or TOKEN
  • VAULT_AUTH_TOKEN - Vault authentication token (required)
  • VAULT_CLIENT_CERT_BASE64 - Base64 encoded client cerificate
  • VAULT_CLIENT_KEY_BASE64 - Base64 encoded client key
  • VAULT_FIELD_NAME - Set this field to export a single value with the specified key
  • VAULT_PATH - Path to secrets in vault. Example: secret/codefreshsecret (required)
  • VAULT_PATH_DELIMITER - Path delimiter to break up multiple paths in the VAULT_PATH value
  • VAULT_VARIABLE_EXPORT_PREFIX - Add a string prefix to the exported variable names of groups or single values
    Vault_to_Env:
  title: Importing vault values
  type: vault
  arguments:
    VAULT_ADDR: '${{VAULT_ADDR}}'
    VAULT_PATH: '${{VAULT_PATH}}'
    VAULT_AUTH_TOKEN: '${{VAULT_AUTH_TOKEN}}'

  
    Vault_to_Env:
  title: Importing vault values
  type: vault
  arguments:
    VAULT_ADDR: '${{VAULT_ADDR}}'
    VAULT_PATH: '${{VAULT_PATH}}'
    VAULT_AUTH_TOKEN: '${{VAULT_AUTH_TOKEN}}'
    VAULT_CLIENT_CERT_BASE64: '${{VAULT_CLIENT_CERT_BASE64}}'
    VAULT_CLIENT_KEY_BASE64: '${{VAULT_CLIENT_KEY_BASE64}}'

  
    Vault_to_Env:
  title: Importing vault values
  type: vault
  arguments:
    VAULT_ADDR: '${{VAULT_ADDR}}'
    VAULT_PATH: '${{VAULT_PATH}}'
    VAULT_AUTH_METHOD: APPROLE
    APPROLE_ROLE_ID: '${{APPROLE_ROLE_ID}}'
    APPROLE_SECRET_ID: '${{APPROLE_SECRET_ID}}'

  
    Vault_to_Env:
  title: Importing vault values
  type: vault
  arguments:
    VAULT_ADDR: '${{VAULT_ADDR}}'
    VAULT_PATH: '${{VAULT_PATH}}'
    VAULT_AUTH_TOKEN: '${{VAULT_AUTH_TOKEN}}'
    VAULT_FIELD_NAME: some-key-name

  
    Vault_to_Env:
  title: Importing vault values
  type: vault
  arguments:
    VAULT_ADDR: '${{VAULT_ADDR}}'
    VAULT_PATH: kv/firstpath;kv/secondpath
    VAULT_PATH_DELIMITER: ;
    VAULT_AUTH_TOKEN: '${{VAULT_AUTH_TOKEN}}'

  
    Vault_to_Env:
  title: Importing vault values
  type: vault
  arguments:
    VAULT_ADDR: '${{VAULT_ADDR}}'
    VAULT_PATH: kv/firstpath;kv/secondpath
    VAULT_PATH_DELIMITER: ;
    VAULT_AUTH_TOKEN: '${{VAULT_AUTH_TOKEN}}'
    VAULT_VARIABLE_EXPORT_PREFIX: pre_
github.com
Brandon Phillips
Jun 17, 2020
source