Summon Buildkite Plugin
Some reasons you might care:
- Maybe you're still hardcoding secrets in your Buildkite pipeline settings? If so, that is bad and you should stop. This plugin helps you stop.
- You can immediately leverage any of the existing
summonsecrets providers, so you have flexibility in what secure storage you use.
- By installing different default providers on different machines, you can fetch secrets appropriately in different locations without changing configuration, e.g., pulling from a local keyring in development but from AWS SM in CI.
Here's a simple pipeline configuration:
steps: - plugins: - angaza/summon#v0.1.0: secrets-file: path/to/secrets.yml
The secrets fetched by
summon are exported as environment variables to the
rest of the step, including subsequent plugins. To use with the Docker Compose
steps: - plugins: - angaza/summon#v0.1.0: secrets-file: path/to/secrets.yml - docker-compose#v2.6.0: config: path/to/docker-compose.yml run: service-name
summon options are supported:
steps: - plugins: - angaza/summon#v0.1.0: secrets-file: path/to/secrets.yml provider: summon-s3 environment: production substitutions: - REGION=us-east-1
The plugin runs during the
hook, the earliest
point at which the repo is available, since you will typically (but are not
required to) reference a checked-in
summon must already be installed in the environment where your agent runs,
along with whatever provider(s) will be used.
You can run the tests for this plugin with:
docker-compose run --rm tests
MIT (see LICENSE)