With this action you can fetch secrets from an Azure Key Vault instance and consume them in your GitHub Actions workflows.
Fetched secrets are set as environment variables and can be consumed in subsequent steps of the workflow using the env context, e.g. ${{ env.STORAGE_ACCOUNT_NAME }}. All environment variable values are masked in the log. Additionally, secret names are converted to UPPER_CASE format.
Authenticate with the Azure login action and grant the Azure service principal roles to Get and List secrets from the Azure key vault. You can find more information here
    jobs:
      build:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v3
          # Log in as the service principal that can Get and List secrets
          - uses: Azure/login@v1
            with:
              creds: ${{ secrets.AZURE_CREDENTIALS }}
          - name: Init secrets from KV as envs
            uses: actions/setup-keyvault-secrets@v1
            with:
              kv-subscription-name: ${{ secrets.CI_KEY_VAULT_SUBSCRIPTION }}
              kv-name: ${{ secrets.CI_KEY_VAULT_NAME }}
          # Secrets fetched above are now available through the env context
          - name: Create container
            run: |
              az storage container create \
                --auth-mode login \
                --account-name ${{ env.STORAGE_ACCOUNT_NAME }} \
                --name ${{ env.CONTAINER_NAME }}
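The behaviour described above (names converted to UPPER_CASE, values masked, variables exported for later steps) can be reproduced with the runner's `::add-mask::` workflow command and the `GITHUB_ENV` file. The script below is an added example, not this action's source; the function names, the hyphen-to-underscore mapping and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not the action's own code.

# Key Vault secret names contain only letters, digits and hyphens.
# Assumption: hyphens map to underscores (storage-account-name -> STORAGE_ACCOUNT_NAME).
kv_env_name() {
  printf '%s' "$1" | tr 'a-z-' 'A-Z_'
}

# Workflow commands are read one line at a time, so a multi-line secret
# is registered for masking line by line.
mask_value() {
  printf '%s\n' "$1" | while IFS= read -r line; do
    if [ -n "$line" ]; then
      printf '::add-mask::%s\n' "$line"
    fi
  done
}

# Mask first, then append to GITHUB_ENV using the multi-line-safe
# NAME<<DELIMITER syntax.
export_secret() {
  name=$(kv_env_name "$1")
  value=$2
  mask_value "$value"
  delim="KV_EOF_$$_$(date +%s)"
  # Refuse a value that contains the delimiter: it could otherwise end the
  # block early and define extra variables for later steps.
  case "$value" in
    *"$delim"*) echo "delimiter collision for $name" >&2; return 1 ;;
  esac
  {
    printf '%s<<%s\n' "$name" "$delim"
    printf '%s\n' "$value"
    printf '%s\n' "$delim"
  } >> "$GITHUB_ENV"
}

# Constructed sample data. In a workflow the runner sets GITHUB_ENV and the
# values would come from `az keyvault secret show`.
GITHUB_ENV=${GITHUB_ENV:-$(mktemp)}
export_secret storage-account-name 'examplestorage01'
export_secret deploy-key 'line-one
line-two'
```

Masking only affects log output. The value is still plain text in the environment of every later step in the job.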
The scripts and documentation in this project are released under the MIT License.