A GitHub Action that pulls secrets from HashiCorp Vault.
This GitHub Action is deprecated: we encourage migrating to hashicorp/vault-action. Read more about it here: #393
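jobs:
  build:
    steps:
      - uses: bjerkio/vault-action@v1.2.1
        # The id is needed so later steps can read steps.vault.outputs.*
        id: vault
        with:
          endpoint: 'https://vault-host.io'
          path: 'kv/data/hello-world'
          # authMethod is required; see the auth methods below
          authMethod: 'token'
          token: ${{ secrets.VAULT_TOKEN }}
      - run: echo "${{ toJson(steps.vault.outputs.secret) }}"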
If the secret data is a JSON object, it is flattened into multiple outputs. Nested keys are joined with underscores, like this:
Example JSON:
{
  "info": {
    "that": {
      "is": "deep"
    }
  }
}
This will be transformed to steps.vault.outputs.info_that_is
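An added JavaScript sketch of the flattening described above (not the action's source code). The `_` joiner is inferred from the `info_that_is` example; the function names `flattenSecret` and `maskCommands`, the collision check and the handling of non-string values are assumptions. `::add-mask::` is GitHub's workflow command for hiding a value in job logs.

```javascript
// Flatten nested secret data into output names joined with "_".
function flattenSecret(data, prefix = '', out = new Map()) {
  for (const [key, value] of Object.entries(data)) {
    const name = prefix ? `${prefix}_${key}` : key;
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      flattenSecret(value, name, out);
      continue;
    }
    if (out.has(name)) {
      // {"a_b": ...} and {"a": {"b": ...}} map to the same output name, so
      // one secret would silently overwrite the other. Fail instead.
      throw new Error(`output name collision: ${name}`);
    }
    // Assumption: non-string leaves (numbers, arrays) are serialized as JSON.
    out.set(name, typeof value === 'string' ? value : JSON.stringify(value));
  }
  return out;
}

// Build the log-masking commands to print before any output is used.
function maskCommands(outputs) {
  const lines = [];
  for (const value of outputs.values()) {
    // A workflow command is a single line, so a multi-line value is masked
    // line by line. Empty lines are skipped so nothing empty gets masked.
    for (const line of value.split('\n')) {
      if (line.trim() !== '') lines.push(`::add-mask::${line}`);
    }
  }
  return lines;
}

// Constructed sample data, shaped like the README's example JSON.
const sample = { info: { that: { is: 'deep' } }, db: { password: 'line1\nline2' } };
const outputs = flattenSecret(sample);
console.log([...outputs.keys()]);          // output names only, never values
console.log(maskCommands(outputs).length); // number of mask commands to emit
```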
Required. The URL of the Vault endpoint.
Path to the secret in Vault.
Required. Type of authentication method. See below.
If this is set to true (default false), the Vault token will be exported as vault_token.
Currently, we only support Github Auth Method. We do appreciate help! Submit a pull request if you wanna see more methods!
...
with:
  authMethod: 'token'
  token: ${{ secrets.VAULT_TOKEN }}
...
with:
  authMethod: 'github'
  githubToken: ${{ secrets.GH_TOKEN }}
PS: You cannot use the built-in GITHUB_TOKEN. This is because of the way Vault verifies the account (it needs to know who is signing in).
Apart from this README, you can find details and examples of using the SDK in the following places:
Feel free to open issues and pull requests. We appreciate all the help we can get! At the moment, the most valuable contributions are new auth methods, such as approle. We also really want to add E2E testing!
This GitHub Action is inspired by RichiCoder1/vault-action. Some of the methods used in it are reused here.