Add rake task to configure Vault
What does this Merge Request do and why?
This MR adds a vault:configure
Rake task that configures Vault to allow the fetching from secrets from a specific GDK project. It is used like:
bundle exec rake vault:configure[<project_id>]
It allows secrets to be fetched using the configuration:
test_secrets:
variables:
VAULT_AUTH_PATH: gitlab
VAULT_AUTH_ROLE: gitlab-test-role
VAULT_SERVER_URL: http://<vault_ip_address>:8200
secrets:
TEST_ID_TOKEN:
id_token:
aud: '<gdk_address>' # ex. https://gdk.test:3443
DATABASE_PASSWORD:
vault: gitlab-test/db/password
script:
- echo $DATABASE_PASSWORD
- cat $DATABASE_PASSWORD
If gitlab!100281 (closed) has not been merged yet, check out the 356986-aw-add-id-token-keyword
branch in gitlab
in order to use the id_token
feature
Merge Request checklist
-
This change is backward compatible. If not, please include steps to communicate to our users. -
Tests added for new functionality. If not, please raise Issue to follow-up. -
Documentation added/updated, if needed. -
gdk doctor
test added, if needed. -
Add the ~highlight
label if this MR should be included in theCHANGELOG.md
.
Edited by Avielle Wolfe