Add support for HashiCorp Vault JFrog Artifactory secrets engine
Release notes
The JFrog Artifactory plugin allows the user to obtain a dynamically created token with a specific TTL when reading a secret from HashiCorp Vault. This is useful since GitLab can also obtain a dynamically created token from Artifactory and use it in the CI/CD job.
Problem to solve
Currently, the integration between GitLab and HashiCorp Vault can use only the KV-V2 secrets engine. It would be good to be able to use the Artifactory secrets engine in HashiCorp Vault when using the "secrets:" directive in the gitlab-ci.yml file.
Proposal
GitLab should be updated to support the Artifactory secrets engine in HashiCorp Vault, probably by using the current convention in the gitlab-ci.yml file:
secrets:
  JFROG_TOKEN:
    vault:
      engine:
        name: artifactory
        path: artifactory
      path: artifactory/token/gitlab
      field: access_token
    file: false
and/or
secrets:
  JFROG_TOKEN:
    vault: artifactory/token/gitlab/access_token@artifactory
    file: false
Intended users
Everyone who is using GitLab CI/CD with JFrog Artifactory and wants to put additional security in place. Ideally developers, tech leads, DevOps engineers, etc.