This repository contains Vault patterns intended for use within the NR Data Analytics Platform (DAP). Contents of the repository:
- Docker container to automate interaction with the NR Broker and NR Vault API
- Custom GitHub Action to access Vault secrets (using the aforementioned Docker container)
The action takes the following inputs:
- BROKER_JWT - Required - Token to open intention with the NR Broker
- VAULT_ENV - Required - One of: dev/test/prod
- SECRET_NAME - Required - Name of the secret to be extracted as output
```yaml
name: vault-workflow
on: [push]
jobs:
  pull:
    name: Import Vault Secrets
    runs-on: ubuntu-22.04
    steps:
      - name: NR Vault Pattern
        id: nr-vault-patterns
        uses: bcgov/nr-vault-patterns@main
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          BROKER_JWT: ${{ secrets.BROKER_JWT }}
          VAULT_ENV: 'dev'
          SECRET_NAME: 'ods-dev'
```

The container image is built and pushed to the GHCR any time there is a push or PR to the main branch. Images are named according to the file path and tagged with the branch name.
```shell
docker pull ghcr.io/bcgov/nr-vault-patterns:main
```

This Vault pattern is based on the following API steps:
- NR Broker - Open Intention
- NR Broker - Provision Token
- NR Vault - Unwrap Token
- NR Vault - Get secret
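The four steps above, walked through as an added example that is not the container's or the action's own code. The HTTP transport is injectable, so the exchange runs offline against constructed responses. The NR Broker paths, request bodies and response shapes (`/v1/intention/open`, `/v1/provision/token`, `actions.provision.token`, `X-Broker-Token`) are assumptions made for illustration, not the broker's documented API; the Vault endpoints are Vault's real `sys/wrapping/unwrap` and KV v2 read paths, and the KV mount name `apps` is also assumed.

```python
"""Added example: the NR Vault pattern's four API steps with an injectable transport.

Assumptions: NR Broker paths, bodies and response shapes are placeholders.
The Vault paths are the real response-wrapping unwrap and KV v2 read endpoints.
"""
from typing import Any, Callable, Dict, Optional

Headers = Dict[str, str]
Transport = Callable[[str, str, Headers, Optional[Dict[str, Any]]], Dict[str, Any]]

BROKER_OPEN_INTENTION = "/v1/intention/open"      # assumed broker path
BROKER_PROVISION_TOKEN = "/v1/provision/token"    # assumed broker path
VAULT_UNWRAP = "/v1/sys/wrapping/unwrap"          # real Vault endpoint
VAULT_KV_READ = "/v1/{mount}/data/{path}"          # real Vault KV v2 read path


def fetch_secret(transport: Transport, broker_url: str, vault_url: str,
                 broker_jwt: str, vault_env: str, secret_name: str,
                 mount: str = "apps") -> Dict[str, Any]:
    """Run the pattern end to end and return the secret's key/value data."""
    # Step 1: NR Broker - Open Intention. BROKER_JWT authenticates the caller;
    # the broker answers with a short-lived token for the requested action.
    opened = transport("POST", broker_url + BROKER_OPEN_INTENTION,
                       {"Authorization": f"Bearer {broker_jwt}"},
                       {"event": "github-action", "environment": vault_env})
    action_token = opened["actions"]["provision"]["token"]   # assumed shape

    # Step 2: NR Broker - Provision Token. The broker returns a Vault
    # response-wrapping token, not a usable Vault client token.
    provisioned = transport("POST", broker_url + BROKER_PROVISION_TOKEN,
                            {"X-Broker-Token": action_token}, None)
    wrapping_token = provisioned["wrap_info"]["token"]

    # Step 3: NR Vault - Unwrap Token. The wrapping token is single use and is
    # redeemed at sys/wrapping/unwrap; the real client token is inside.
    unwrapped = transport("POST", vault_url + VAULT_UNWRAP,
                          {"X-Vault-Token": wrapping_token}, None)
    client_token = unwrapped["auth"]["client_token"]

    # Step 4: NR Vault - Get secret. KV v2 nests the payload under data.data.
    path = VAULT_KV_READ.format(mount=mount, path=f"{vault_env}/{secret_name}")
    read = transport("GET", vault_url + path, {"X-Vault-Token": client_token}, None)
    return read["data"]["data"]


class FakeTransport:
    """Constructed stand-in for the broker and Vault with sample responses.
    A second unwrap of the same wrapping token is rejected, mirroring Vault's
    single-use wrapping tokens."""

    def __init__(self) -> None:
        self.used_wrapping_tokens: set = set()
        self.calls: list = []

    def __call__(self, method: str, url: str, headers: Headers,
                 body: Optional[Dict[str, Any]]) -> Dict[str, Any]:
        self.calls.append((method, url))
        if url.endswith(BROKER_OPEN_INTENTION):
            if headers.get("Authorization") != "Bearer constructed-broker-jwt":
                raise PermissionError("broker rejected JWT")
            return {"actions": {"provision": {"token": "constructed-action-token"}}}
        if url.endswith(BROKER_PROVISION_TOKEN):
            if headers.get("X-Broker-Token") != "constructed-action-token":
                raise PermissionError("broker rejected action token")
            return {"wrap_info": {"token": "hvs.constructed-wrapping-token", "ttl": 60}}
        if url.endswith(VAULT_UNWRAP):
            token = headers.get("X-Vault-Token")
            if token != "hvs.constructed-wrapping-token" or token in self.used_wrapping_tokens:
                raise PermissionError("wrapping token invalid or already unwrapped")
            self.used_wrapping_tokens.add(token)
            return {"auth": {"client_token": "hvs.constructed-client-token",
                             "lease_duration": 300}}
        if method == "GET" and "/data/" in url:
            if headers.get("X-Vault-Token") != "hvs.constructed-client-token":
                raise PermissionError("vault rejected client token")
            return {"data": {"data": {"username": "ods_user", "password": "constructed-pw"},
                             "metadata": {"version": 3}}}
        raise ValueError(f"unexpected request {method} {url}")


def demo():
    """Run the full exchange against the fake services; returns (secret, transport)."""
    transport = FakeTransport()
    secret = fetch_secret(transport, "https://broker.example", "https://vault.example",
                          "constructed-broker-jwt", "dev", "ods-dev")
    return secret, transport


def replay_is_rejected(transport: FakeTransport) -> bool:
    """True if presenting the already-redeemed wrapping token again is refused."""
    try:
        transport("POST", "https://vault.example" + VAULT_UNWRAP,
                  {"X-Vault-Token": "hvs.constructed-wrapping-token"}, None)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    data, t = demo()
    print(sorted(data.keys()), [m for m, _ in t.calls], replay_is_rejected(t))
```

The point of the unwrap step is that only the wrapping token ever transits the broker; if it is intercepted and redeemed before the action gets to it, the action's own unwrap fails, which is the signal to investigate rather than retry.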