docs: highlight vault using id token (87bbc28b) · Commits · to be continuous... / Dependency-Track

README.md

+5 −4

Original line number	Diff line number	Diff line
		@@ -231,10 +231,12 @@ In order to be able to communicate with the Vault server, the variant requires t
		\| Name \| Description \| Default value \|
		\| ----------------- \| -------------------------------------- \| ----------------- \|
		\| `TBC_VAULT_IMAGE` \| The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) \| `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master` \|
		\| `VAULT_BASE_URL` \| The Vault server base API url \| _none_ \|
		\| `VAULT_BASE_URL` \| The Vault server base API url \| must be defined \|
		\| `VAULT_OIDC_AUD` \| The `aud` claim for the JWT \| `$CI_SERVER_URL` \|
		\| :lock: `VAULT_ROLE_ID` \| The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID \| must be defined \|
		\| :lock: `VAULT_SECRET_ID` \| The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID \| must be defined \|
		\| :lock: `VAULT_ROLE_ID` \| The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID \| _none_ \|
		\| :lock: `VAULT_SECRET_ID` \| The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID \| _none_ \|

		By default, the variant will authentifacte using a [JWT ID token](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). To use [AppRole](https://www.vaultproject.io/docs/auth/approle) instead the `VAULT_ROLE_ID` and `VAULT_SECRET_ID` should be defined as secret project variables.

		#### Usage

		@@ -270,5 +272,4 @@ variables:
		# Secret managed by Vault
		DEPTRACK_API_KEY: "@url@http://vault-secrets-provider/api/secrets/b7ecb6ebabc231/runner/prod/deptrack?field=api-key"
		VAULT_BASE_URL: "https://vault.acme.host/v1"
		# $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable
		```