Vault
Description
This plugin enables the ability pull secrets from Vault into the secret mount within a Vela pipeline.
Source Code: https://github.com/go-vela/secret-vault
Registry: https://hub.docker.com/r/target/secret-vault
Usage
Sample of writing a secret using token authentication:
secrets:
+ Create documentation issue
Vault
Description
This plugin enables the ability pull secrets from Vault into the secret mount within a Vela pipeline.
Source Code: https://github.com/go-vela/secret-vault
Registry: https://hub.docker.com/r/target/secret-vault
Usage
Sample of retrieving a secret using token authentication:
secrets:
- origin:
name: vault
image: target/vela/secret-vault:latest
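Review bot: The description line is carried over unchanged on the new side and still reads "enables the ability pull secrets"; since this block is being rewritten anyway, change it to "enables the ability to pull secrets". The sample's `image: target/vela/secret-vault:latest` also does not match the Registry link, which points at `target/secret-vault`. Correct one of the two so readers pull the image the page links to.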
@@ -42,7 +42,7 @@
# Written to path: "/vela/secrets/docker/<key>"
- source: secret/vela/username
path: docker
-
Sample of reading a secret using ldap authentication:
secrets:
+
Sample of retrieving a secret using ldap authentication:
secrets:
- origin:
name: vault
image: target/vela/secret-vault:latest
@@ -71,7 +71,27 @@
# Written to path: "/vela/secrets/docker/<key>"
- source: secret/vela/username
path: docker
-
Secrets
NOTE: Users should refrain from configuring sensitive information in your pipeline in plain text.
NOTE: Secrets used within the secret plugin must exist as Vela secrets.
You can use Vela secrets to substitute sensitive values at runtime:
secrets:
+
Sample of retrieving a secret and writing it to multiple paths with a new key:
secrets:
+ - origin:
+ name: vault
+ image: target/vela/secret-vault:latest
+ secrets:
+ - source: superSecretToken
+ target: vault_token
+ parameters:
+ addr: vault.company.com
+ auth_method: token
+ items:
+ # assume user_A has two keys: `id` and `token`, but we want it to be `username` and `password`
+ #
+ # this will write to `/vela/secrets/kaniko/username` and `/vela/secrets/kaniko/password`
+ # and also `/vela/secrets/artifactory/username` and `/vela/secrets/artifactory/password`
+ - source: secret/vela/user_A
+ path: [ kaniko, artifactory ]
+ keys:
+ id: username
+ token: password
+
Secrets
NOTE: Users should refrain from configuring sensitive information in your pipeline in plain text.
NOTE: Secrets used within the secret plugin must exist as Vela secrets.
You can use Vela secrets to substitute sensitive values at runtime:
secrets:
# Repo secret created within Vela
- name: vault_token
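Review bot: The added sample uses `image: target/vela/secret-vault:latest`, a floating tag for a container that is handed the Vault token through `target: vault_token`. Pin the example to a release tag or digest so that copies of it run a known image. `addr: vault.company.com` has no scheme, so the reader cannot tell whether a bare host or a full `https://` URL is expected; state which. The `keys` mapping and the list form of `path` are explained only in the sample's comments and do not appear in the Read parameter table, which lists `items` alone. Add rows or a short description for them there.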
@@ -88,7 +108,7 @@
# Written to path: "/vela/secrets/docker/<key>"
- source: secret/vela/username
path: docker
-
Parameters
The following parameters are used to configure the image:
Name | Description | Required | Default |
---|---|---|---|
addr | address to the instance | true | N/A |
auth_method | authentication method for interfacing (i.e. token, ldap) | true | N/A |
log_level | set the log level for the plugin | true | info |
password | password for server authentication with ldap | false | N/A |
token | token for server authentication | false | N/A |
username | set the log level for the plugin | false | N/A |
Read
The following parameters are used to configure reading:
Name | Description | Required | Default |
---|---|---|---|
items | enables pretending to perform the apply | true | false |
Template
COMING SOON!
Troubleshooting
Below are a list of common problems and how to solve them:
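Review bot: The parameter tables pass through this hunk with copy-paste descriptions that the change leaves in place. `username` is described as "set the log level for the plugin", the same text as `log_level`, and `items` is described as "enables pretending to perform the apply" with a default of `false`, which does not describe a list of secrets to read. `log_level` is also marked required while carrying a default of `info`. Suggest correcting these rows in the same change, and "Below are a list" in the Troubleshooting line should read "Below is a list".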