
Fetch specific secrets from HashiCorp Vault

vault-next-gen

Read specific secrets from multiple paths in HashiCorp Vault inside a Codefresh pipeline.

arguments

  • APPROLE_ROLE_ID - Vault AppRole Role ID. Required if auth method is APPROLE
  • APPROLE_SECRET_ID - Vault AppRole Secret ID. Required if auth method is APPROLE
  • MOUNT_POINT - Vault Secrets Engines name (Run CLI command: vault secrets list -detailed)
  • NEW_LINE_REPLACEMENT_STRING - Value used to replace new lines. Default is \n
  • SECRETS - Array list of secrets in this pattern - exportvariablename=path:secretname
  • VAULT_ADDR - Vault server URI. Example: https://vault.testdomain.io:8200 (required)
  • VAULT_AUTH_METHOD - Vault authentication method. Valid options: APPROLE or TOKEN
  • VAULT_CLIENT_CERT_BASE64 - Base64 encoded client certificate
  • VAULT_CLIENT_KEY_BASE64 - Base64 encoded client key
  • VAULT_KV_VERSION - Vault secrets version [1 or 2] (Run CLI command: vault secrets list -detailed)
  • VAULT_TOKEN - Vault authentication token (required)
  • VERBOSE - Add more detailed logging

Vault_to_Env:
  title: Importing vault values
  type: vault-next-gen
  arguments:
    VAULT_ADDR: '${{VAULT_ADDR}}'
    MOUNT_POINT: '${{MOUNT_POINT}}'
    VAULT_TOKEN: '${{VAULT_AUTH_TOKEN}}'
    SECRETS:
      - 'EXPORT_NAME=path:secret'

  
Vault_to_Env:
  title: Importing vault values
  type: vault-next-gen
  arguments:
    VAULT_ADDR: '${{VAULT_ADDR}}'
    MOUNT_POINT: '${{MOUNT_POINT}}'
    VAULT_TOKEN: '${{VAULT_AUTH_TOKEN}}'
    VAULT_CLIENT_CERT_BASE64: '${{VAULT_CLIENT_CERT_BASE64}}'
    VAULT_CLIENT_KEY_BASE64: '${{VAULT_CLIENT_KEY_BASE64}}'
    SECRETS:
      - 'EXPORT_NAME=path:secret'

  
Vault_to_Env:
  title: Importing vault values
  type: vault-next-gen
  arguments:
    VAULT_ADDR: '${{VAULT_ADDR}}'
    MOUNT_POINT: '${{MOUNT_POINT}}'
    VAULT_AUTH_METHOD: APPROLE
    APPROLE_ROLE_ID: '${{APPROLE_ROLE_ID}}'
    APPROLE_SECRET_ID: '${{APPROLE_SECRET_ID}}'
    SECRETS:
      - 'EXPORT_NAME=path:secret'

  
Vault_to_Env:
  title: Importing vault values
  type: vault-next-gen
  arguments:
    VAULT_ADDR: '${{VAULT_ADDR}}'
    MOUNT_POINT: '${{MOUNT_POINT}}'
    VAULT_TOKEN: '${{VAULT_AUTH_TOKEN}}'
    SECRETS:
      - 'EXPORT_NAME=path:secret'
      - 'EXPORT_NAME2=path2:secret2'

  
Vault_to_Env:
  title: Importing vault values
  type: vault-next-gen
  arguments:
    VAULT_ADDR: '${{VAULT_ADDR}}'
    MOUNT_POINT: '${{MOUNT_POINT}}'
    VAULT_TOKEN: '${{VAULT_AUTH_TOKEN}}'
    VAULT_KV_VERSION: 1
    SECRETS:
      - 'EXPORT_NAME=path:secret'
      - 'EXPORT_NAME2=path2:secret2'

  
Vault_to_Env:
  title: Importing vault values
  type: vault-next-gen
  arguments:
    VAULT_ADDR: '${{VAULT_ADDR}}'
    MOUNT_POINT: '${{MOUNT_POINT}}'
    VAULT_TOKEN: '${{VAULT_AUTH_TOKEN}}'
    VAULT_KV_VERSION: 1
    NEW_LINE_REPLACEMENT_STRING: BASE64
    SECRETS:
      - 'EXPORT_NAME=path:secret'
      - 'EXPORT_NAME2=path2:secret2'
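
A pre-merge check for the argument combinations shown in the examples above, added here as an illustration and not part of the step's own code. `lint_step` and its rules are assumptions: TOKEN is taken as the method when VAULT_AUTH_METHOD is omitted, export names are treated as shell-style identifiers, and credentials are expected to be `${{VAR}}` references rather than literals.

```python
import re

VAR_REF = re.compile(r"^\$\{\{[A-Za-z_][A-Za-z0-9_]*\}\}$")  # '${{NAME}}' reference
SECRET_SPEC = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=([^:=\s]+):([^:\s]+)$")
SENSITIVE = ("VAULT_TOKEN", "APPROLE_SECRET_ID", "VAULT_CLIENT_KEY_BASE64")
REQUIRED = {"APPROLE": ("APPROLE_ROLE_ID", "APPROLE_SECRET_ID"), "TOKEN": ("VAULT_TOKEN",)}

def lint_step(args):
    """Return findings for one vault-next-gen 'arguments' mapping."""
    findings = []
    addr = str(args.get("VAULT_ADDR", ""))
    if not addr:
        findings.append("VAULT_ADDR is missing")
    elif not VAR_REF.match(addr) and not addr.startswith("https://"):
        findings.append("VAULT_ADDR literal is not https://")
    # Assumption: TOKEN is the method when VAULT_AUTH_METHOD is omitted.
    method = str(args.get("VAULT_AUTH_METHOD", "TOKEN")).upper()
    if method not in REQUIRED:
        findings.append(f"VAULT_AUTH_METHOD {method!r} is not APPROLE or TOKEN")
    findings += [f"{k} is required for {method}"
                 for k in REQUIRED.get(method, ()) if k not in args]
    for key in SENSITIVE:  # credentials should arrive as pipeline variables
        if key in args and not VAR_REF.match(str(args[key])):
            findings.append(f"{key} is a literal; reference a pipeline variable")
    # Assumption: the client certificate and key are only useful as a pair.
    if ("VAULT_CLIENT_CERT_BASE64" in args) != ("VAULT_CLIENT_KEY_BASE64" in args):
        findings.append("client certificate and key must be set together")
    if "VAULT_KV_VERSION" in args and str(args["VAULT_KV_VERSION"]) not in ("1", "2"):
        findings.append("VAULT_KV_VERSION must be 1 or 2")
    seen = set()
    for spec in args.get("SECRETS", []):
        m = SECRET_SPEC.match(spec)
        if not m:
            findings.append(f"SECRETS entry {spec!r} is not name=path:secret")
        elif m.group(1) in seen:
            findings.append(f"export name {m.group(1)} is assigned twice")
        else:
            seen.add(m.group(1))
    return findings

# Constructed sample inputs (not from the page).
GOOD = {"VAULT_ADDR": "${{VAULT_ADDR}}", "VAULT_AUTH_METHOD": "APPROLE",
        "APPROLE_ROLE_ID": "${{APPROLE_ROLE_ID}}",
        "APPROLE_SECRET_ID": "${{APPROLE_SECRET_ID}}",
        "SECRETS": ["EXPORT_NAME=path:secret", "EXPORT_NAME2=path2:secret2"]}
BAD = {"VAULT_ADDR": "http://vault.testdomain.io:8200", "VAULT_KV_VERSION": 3,
       "VAULT_TOKEN": "constructed-literal-token",
       "VAULT_CLIENT_KEY_BASE64": "${{VAULT_CLIENT_KEY_BASE64}}",
       "SECRETS": ["EXPORT_NAME=a:b", "EXPORT_NAME=c:d", "no_separator"]}
```

Calling `lint_step(GOOD)` returns an empty list, while `lint_step(BAD)` reports the plain-HTTP address, the literal token, the key without a certificate, the invalid KV version, the duplicate export name and the malformed entry.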

  
github.com
Brandon Phillips
Jul 4, 2021