.gitignore +1 −0 @@ -34,3 +34,4 @@ /.vscode/ reports/coverage.out reports/coverage.out start_vault.sh .gitlab-ci.yml +47 −1 @@ -27,7 +27,8 @@ variables: GO_BUILD_FLAGS: -tags netgo DOCKER_BUILD_ARGS: "--build-arg CI_PROJECT_URL --build-arg DEFAULT_VAULT_URL" test-service: # this job tests the Docker image on a remote Vault server (configurable) test-on-remote: image: "curlimages/curl" services: - name: "$DOCKER_SNAPSHOT_IMAGE" @@ -36,6 +37,7 @@ test-service: # variables have to be explicitly declared in the YAML to be exported to the service VAULT_BASE_URL: "$TEST_VAULT_BASE_URL" VAULT_ROLE_ID: "$TEST_VAULT_ROLE_ID" VAULT_TOKEN: "$TEST_VAULT_TOKEN" VAULT_SECRET_ID: "$TEST_VAULT_SECRET_ID" stage: acceptance script:
@@ -53,3 +55,47 @@ test-service: - branches variables: - "$TEST_VAULT_BASE_URL" # this job tests the Docker image on a local Vault server using the Vault server image # See: https://hub.docker.com/_/vault test-on-local: image: "dwdraju/alpine-curl-jq" services: - name: "$DOCKER_SNAPSHOT_IMAGE" alias: "vault-secrets-provider" - name: "vault" alias: "vault-server" variables: # variables have to be explicitly declared in the YAML to be exported to the service # config for Vault dev mode - see: https://www.vaultproject.io/docs/commands/server#dev-options VAULT_DEV_ROOT_TOKEN_ID: "dev-root-token" # defines the Vault server base URL for Vault Secrets Provider VAULT_BASE_URL: "http://vault-server:8200/v1" # config for # defines the Vault (root) Token for Vault Secrets Provider VAULT_TOKEN: "dev-root-token" # This allows the main container to connect to the services containers FF_NETWORK_PER_BUILD: "1" stage: acceptance script: # wait for a while that all services are UP and running - sleep 5 # check Vault Secrets Provider is UP and healthy - curl -sSf "http://vault-secrets-provider/health" # check Vault is UP and healthy - curl -sSf "$VAULT_BASE_URL/sys/health" # create a secret in Vault - | curl --silent --header "X-Vault-Token: ${VAULT_DEV_ROOT_TOKEN_ID}" --request PUT --data '{"options": {"cas": 0}, "data": {"foo": "bar", "zip": "zap"}}' "${VAULT_BASE_URL}/secret/data/my-secret" # now check we can retrieve the secret through Vault Secrets Provider - | if foo_secret=$(curl -sSf "http://vault-secrets-provider/api/secrets/my-secret?field=foo") then echo "secret retrieved - $foo_secret" else echo "FAILED retrieving secret" curl --silent "http://vault-secrets-provider/api/secrets/my-secret?field=foo" exit 1 fi only: refs: - branches README.md +1 −1 Original line number Diff line number Diff line Loading 
@@ -12,7 +12,7 @@ in order to decouple the image of your jobs and the way of retrieving secrets. Before using this service, you'll have to configure your Vault server, with: * one or several secrets, * at least one of the following [Auth Mathods](https://www.vaultproject.io/docs/auth) configured with required permissions to access those secrets: * at least one of the following [Auth Methods](https://www.vaultproject.io/docs/auth) configured with required permissions to access those secrets: * [AppRole](https://www.vaultproject.io/docs/auth/approle), * [Token](https://www.vaultproject.io/docs/auth/token), * or [JWT for GitLab](https://www.vaultproject.io/docs/auth/jwt/oidc_providers#gitlab).
.gitignore +1 −0 @@ -34,3 +34,4 @@ /.vscode/ reports/coverage.out reports/coverage.out start_vault.sh
.gitlab-ci.yml +47 −1 @@ -27,7 +27,8 @@ variables: GO_BUILD_FLAGS: -tags netgo DOCKER_BUILD_ARGS: "--build-arg CI_PROJECT_URL --build-arg DEFAULT_VAULT_URL" test-service: # this job tests the Docker image on a remote Vault server (configurable) test-on-remote: image: "curlimages/curl" services: - name: "$DOCKER_SNAPSHOT_IMAGE" @@ -36,6 +37,7 @@ test-service: # variables have to be explicitly declared in the YAML to be exported to the service VAULT_BASE_URL: "$TEST_VAULT_BASE_URL" VAULT_ROLE_ID: "$TEST_VAULT_ROLE_ID" VAULT_TOKEN: "$TEST_VAULT_TOKEN" VAULT_SECRET_ID: "$TEST_VAULT_SECRET_ID" stage: acceptance script:
@@ -53,3 +55,47 @@ test-service: - branches variables: - "$TEST_VAULT_BASE_URL" # this job tests the Docker image on a local Vault server using the Vault server image # See: https://hub.docker.com/_/vault test-on-local: image: "dwdraju/alpine-curl-jq" services: - name: "$DOCKER_SNAPSHOT_IMAGE" alias: "vault-secrets-provider" - name: "vault" alias: "vault-server" variables: # variables have to be explicitly declared in the YAML to be exported to the service # config for Vault dev mode - see: https://www.vaultproject.io/docs/commands/server#dev-options VAULT_DEV_ROOT_TOKEN_ID: "dev-root-token" # defines the Vault server base URL for Vault Secrets Provider VAULT_BASE_URL: "http://vault-server:8200/v1" # config for # defines the Vault (root) Token for Vault Secrets Provider VAULT_TOKEN: "dev-root-token" # This allows the main container to connect to the services containers FF_NETWORK_PER_BUILD: "1" stage: acceptance script: # wait for a while that all services are UP and running - sleep 5 # check Vault Secrets Provider is UP and healthy - curl -sSf "http://vault-secrets-provider/health" # check Vault is UP and healthy - curl -sSf "$VAULT_BASE_URL/sys/health" # create a secret in Vault - | curl --silent --header "X-Vault-Token: ${VAULT_DEV_ROOT_TOKEN_ID}" --request PUT --data '{"options": {"cas": 0}, "data": {"foo": "bar", "zip": "zap"}}' "${VAULT_BASE_URL}/secret/data/my-secret" # now check we can retrieve the secret through Vault Secrets Provider - | if foo_secret=$(curl -sSf "http://vault-secrets-provider/api/secrets/my-secret?field=foo") then echo "secret retrieved - $foo_secret" else echo "FAILED retrieving secret" curl --silent "http://vault-secrets-provider/api/secrets/my-secret?field=foo" exit 1 fi only: refs: - branches
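Review bot: The container images here are referenced without a version tag or digest: `dwdraju/alpine-curl-jq` and `vault` in the new `test-on-local` job, and `curlimages/curl` in `test-on-remote`, whose job-level variables now also include `VAULT_TOKEN` from `$TEST_VAULT_TOKEN`. An untagged reference resolves to `latest` at run time, so the code that executes beside those Vault credentials can change without any commit in this repository. Pin each image to a version and digest, for example `image: "curlimages/curl:<version>@sha256:<digest>"` and `- name: "vault:<version>"` (placeholders, to be filled from the registry). Separately, the secret-creation `curl` in `test-on-local` runs with `--silent` but without `--fail`, so a rejected write only shows up in the later read step; using `-sSf` as the health checks do would fail at the right place.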
README.md +1 −1 @@ -12,7 +12,7 @@ in order to decouple the image of your jobs and the way of retrieving secrets. Before using this service, you'll have to configure your Vault server, with: * one or several secrets, * at least one of the following [Auth Mathods](https://www.vaultproject.io/docs/auth) configured with required permissions to access those secrets: * at least one of the following [Auth Methods](https://www.vaultproject.io/docs/auth) configured with required permissions to access those secrets: * [AppRole](https://www.vaultproject.io/docs/auth/approle), * [Token](https://www.vaultproject.io/docs/auth/token), * or [JWT for GitLab](https://www.vaultproject.io/docs/auth/jwt/oidc_providers#gitlab).