Support Vault EE Namespaces with JWT via YAML configuration
Problem to solve
GitHub currently supports namespace specifications for Vault Enterprise. GitLab needs to be able to expand the BYOV instance to support Namespaces in Vault.
https://github.com/marketplace/actions/vault-secrets#vault-enterprise-features
Proposal
Update the detailed syntax to support a new optional namespace parameter, for example:
secrets:
  SSL_PRIVATE_KEY:
    vault:
      namespace: infrastructure
      engine:
        name: kv-v2
        path: aws
      path: gitlab-test/ssl
      field: private-key
and pass it to Runner to use when authenticating / reading secrets.
Reference documentation: https://www.vaultproject.io/docs/enterprise/namespaces.
Additional notes
Within !80590 (merged), support for Vault EE Namespaces with JWT is already in place via a CI variable.
This issue will implement a YAML configuration to support Vault EE Namespaces with JWT.
Edited by Mark Nuzzo
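An added example (not GitLab Runner's code and not part of the original issue) of how the proposed `namespace` value could be carried on the Vault HTTP requests: as an `X-Vault-Namespace` header on both the JWT login and the KV v2 read, and left off when the parameter is omitted. The function names, the `jwt` auth mount default, the sample address, role and token values, and the namespace character policy are assumptions of this example.

```python
import json
import re

# Constructed sample: the parsed `vault:` mapping from the proposal's YAML.
SAMPLE_SECRET = {
    "namespace": "infrastructure",
    "engine": {"name": "kv-v2", "path": "aws"},
    "path": "gitlab-test/ssl",
    "field": "private-key",
}

# Assumed policy for this example (not Vault's own rule): slash-separated
# segments of letters, digits, "_" and "-". This keeps CR/LF out of a header.
_NAMESPACE = re.compile(r"[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*")


def namespace_headers(secret):
    """Return the X-Vault-Namespace header, or {} when namespace is omitted."""
    ns = secret.get("namespace")
    if ns is None:
        return {}  # optional parameter: no header is sent
    if not isinstance(ns, str) or not _NAMESPACE.fullmatch(ns):
        raise ValueError(f"invalid Vault namespace: {ns!r}")
    return {"X-Vault-Namespace": ns}


def login_request(addr, secret, jwt, role, auth_path="jwt"):
    """JWT login call; the namespace accompanies authentication as well."""
    return {
        "method": "POST",
        "url": f"{addr.rstrip('/')}/v1/auth/{auth_path}/login",
        "headers": namespace_headers(secret),
        "body": json.dumps({"role": role, "jwt": jwt}),
    }


def read_request(addr, secret, client_token):
    """KV v2 read: <engine path>/data/<secret path> inside the namespace."""
    engine = secret["engine"]
    if engine["name"] != "kv-v2":
        raise ValueError("this example only handles the kv-v2 engine")
    url = f"{addr.rstrip('/')}/v1/{engine['path']}/data/{secret['path']}"
    headers = {"X-Vault-Token": client_token, **namespace_headers(secret)}
    return {"method": "GET", "url": url, "headers": headers, "body": None}


def extract_field(response_json, secret):
    """KV v2 nests the stored key/value pairs under data.data."""
    return json.loads(response_json)["data"]["data"][secret["field"]]
```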