Add rake task to configure Vault

Avielle Wolfe requested to merge 369351-aw-add-vault-helpers into main

What does this Merge Request do and why?

This MR adds a vault:configure Rake task that configures Vault to allow the fetching of secrets from a specific GDK project. It is used like:

bundle exec rake vault:configure[<project_id>]

It allows secrets to be fetched using the configuration:

test_secrets:
  variables:
    VAULT_AUTH_PATH: gitlab
    VAULT_AUTH_ROLE: gitlab-test-role
    VAULT_SERVER_URL: http://<vault_ip_address>:8200
  secrets:
    TEST_ID_TOKEN:
      id_token:
        aud: '<gdk_address>' # ex. https://gdk.test:3443
    DATABASE_PASSWORD:
      vault: gitlab-test/db/password 
  script:
    - echo $DATABASE_PASSWORD
    - cat $DATABASE_PASSWORD

If gitlab!100281 (closed) has not been merged yet, check out the 356986-aw-add-id-token-keyword branch in gitlab in order to use the id_token feature.

Merge Request checklist

  • This change is backward compatible. If not, please include steps to communicate to our users.
  • Tests added for new functionality. If not, please raise Issue to follow-up.
  • Documentation added/updated, if needed.
  • gdk doctor test added, if needed.
  • Add the ~highlight label if this MR should be included in the CHANGELOG.md.
Edited by Avielle Wolfe
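
An added example, not code from this MR or from GDK: it resolves the `vault:` shorthand in the CI configuration above to the KV v2 path a read-only policy must cover, and builds a JWT role body bound to one project and audience. It assumes GitLab's default `kv-v2` mount when no `@mount` suffix is given; the policy name, the `user_email` user claim and the project id 7 are hypothetical.

```ruby
require 'json'

# Split GitLab's `vault:` shorthand "<path>/<field>[@<mount>]" into its parts.
# Assumption: with no "@mount" suffix, GitLab CI uses the KV v2 mount "kv-v2".
def parse_vault_shorthand(spec)
  location, mount = spec.to_s.strip.split('@', 2)
  mount = 'kv-v2' if mount.nil? || mount.empty?
  *path_parts, field = location.to_s.split('/')
  if path_parts.empty? || field.to_s.empty?
    raise ArgumentError, "need <path>/<field>: #{spec.inspect}"
  end

  { mount: mount, path: path_parts.join('/'), field: field }
end

# KV v2 serves secret data under <mount>/data/<path>; a policy must name that path.
def kv2_data_path(secret)
  "#{secret[:mount]}/data/#{secret[:path]}"
end

# Read-only policy limited to the one secret the job fetches.
def read_policy(secret)
  %(path "#{kv2_data_path(secret)}" {\n  capabilities = ["read"]\n}\n)
end

# JWT role body: only ID tokens carrying the expected audience and project_id
# claim can log in, and they receive nothing beyond the named policy.
def jwt_role(project_id:, audience:, policy_name:)
  id = Integer(project_id.to_s, 10) # raises unless the value is a plain integer
  {
    role_type: 'jwt',
    user_claim: 'user_email', # hypothetical choice of identity claim
    bound_audiences: [audience],
    bound_claims: { project_id: id.to_s },
    token_policies: [policy_name]
  }
end

if __FILE__ == $PROGRAM_NAME
  secret = parse_vault_shorthand('gitlab-test/db/password') # value from the CI config
  puts read_policy(secret)
  # Constructed sample values: project id 7, policy name gitlab-test-policy.
  puts JSON.pretty_generate(jwt_role(project_id: 7, audience: 'https://gdk.test:3443',
                                     policy_name: 'gitlab-test-policy'))
end
```

If the role's `bound_audiences` does not match the `aud` set under `id_token`, or `bound_claims` omits `project_id`, the login either fails or accepts tokens from any project on the instance.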