Feature: add project tags to JWT payload used with Vault for integration in GitLab CI
Proposal
I would like to request another field be added to the payload of the JWT if possible. What I would like is for the tags of the project to be added, probably as another JSON object. Maybe it could be something like:
tags: { "tag1": ..., "tag2": ... }
My use case is for customizing our integration with Vault. Currently we can use fields like namespace_path in the Vault role definition to determine what paths the role can pull secrets from. This is fine, but we have some secrets that are very common across a dev team here at our company, and this means there will be quite a decent amount of duplication across projects. We think that project tags could be a flexible way to provide that kind of capability to this problem. We tag all of our projects using project tags with a billing_team field, which would do exactly what we need. I imagine a feature like this could be used by others in numerous ways since it's so flexible and user defined.
I made this request at the request of a support engineer from this internal ZD ticket.
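
An added sketch, not part of the original issue and not Vault's or GitLab's code, of the claim binding the request describes: per-namespace roles bound on namespace_path next to one shared role bound on the proposed tags claim. The role names, policy names, paths and payloads are constructed, the tags claim is the hypothetical one from the proposal, and the /tags/billing_team key assumes a pointer-style lookup into a nested claim.

```python
# Simplified model of JWT role claim binding; not Vault's implementation.
# The "tags" claim is the one proposed in this issue (hypothetical).

def resolve(claims, key):
    """Look up a top-level claim, or a nested one via a /a/b pointer-style key."""
    if not key.startswith("/"):
        return claims.get(key)
    node = claims
    for part in key[1:].split("/"):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def login(role_name, claims):
    """Return the role's policies if every bound claim matches, else None."""
    role = ROLES.get(role_name)
    if role is None:
        return None
    for key, allowed in role["bound_claims"].items():
        allowed = allowed if isinstance(allowed, list) else [allowed]
        value = resolve(claims, key)
        # A missing or non-string claim never satisfies a binding.
        if not isinstance(value, str) or value not in allowed:
            return None
    return role["policies"]

# Constructed roles: two bound per namespace, one bound on the proposed tag.
ROLES = {
    "api": {"bound_claims": {"namespace_path": "acme/api"},
            "policies": ["api-secrets"]},
    "web": {"bound_claims": {"namespace_path": "acme/web"},
            "policies": ["web-secrets"]},
    "payments-shared": {"bound_claims": {"/tags/billing_team": "payments"},
                        "policies": ["payments-shared-secrets"]},
}

# Constructed JWT payloads for three CI jobs.
JOB_API = {"namespace_path": "acme/api", "tags": {"billing_team": "payments"}}
JOB_WEB = {"namespace_path": "acme/web", "tags": {"billing_team": "payments"}}
JOB_UNTAGGED = {"namespace_path": "acme/web"}

if __name__ == "__main__":
    for name, job in [("api", JOB_API), ("web", JOB_WEB), ("untagged", JOB_UNTAGGED)]:
        print(name, login("payments-shared", job))
```

A role bound this way trusts whoever can set a project's tags, so the shared role's policy should cover only secrets that every project carrying that tag may read.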