A custom CircleCI Orb for HashiCorp Vault CLI.
This Orb provides the following commands:

| Command | Description | Documentation |
|---|---|---|
| install | Install Vault binary to the current executor environment. | link |
| auth-oidc | Authenticate with Vault using OIDC and obtain a token. Upon successful authentication, the obtained token will be set to the `VAULT_TOKEN` environment variable using `$BASH_ENV`. | link |
| revoke-self | Revoke the token set to the `VAULT_TOKEN` environment variable against the Vault instance set to the `VAULT_ADDR` environment variable. | link |
```yaml
description: |
  Install Vault binary, authenticate using OIDC, and get secrets.
usage:
  version: 2.1
  orbs:
    orb-hashicorp-vault-cli: smaeda-ks/[email protected]
  jobs:
    my-job:
      machine: true
      steps:
        - checkout
        # Install Vault
        - orb-hashicorp-vault-cli/install
        # Authenticate using OIDC and obtain a token
        # This will automatically set the VAULT_TOKEN env variable
        - orb-hashicorp-vault-cli/auth-oidc:
            vault-address: "http://localhost:8200"
            vault-role: "circleci-dev"
        - run:
            name: Get secret
            command: |
              # Export the secret using $BASH_ENV
              # so it can be referenced by subsequent steps within the job
              FOO=$(vault kv get -field=password secret/circleci/dev)
              # %q shell-quotes the value so spaces and metacharacters in the
              # secret are not re-interpreted when $BASH_ENV is sourced
              printf 'export SECRET_FOO=%q\n' "${FOO}" >> "$BASH_ENV"
        # Revoke the Vault token after finishing all steps
        - orb-hashicorp-vault-cli/revoke-self
  workflows:
    use-my-orb:
      jobs:
        - my-job:
            # A context is required for jobs that use OIDC
            context: my-context
```
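
The "Get secret" step above appends to `$BASH_ENV`, which CircleCI sources before each later step, so a secret containing quotes, spaces or `$(...)` has to be written as a literal. The following is an added example, not code from this orb: `export_secret` and `roundtrip_ok` are hypothetical helpers, and the sample value is constructed.

```shell
# Added example, not part of the orb: export_secret is a hypothetical helper.
# It appends `export NAME='VALUE'` to $BASH_ENV with VALUE as a single-quoted
# literal, so nothing in it is expanded when a later step sources the file.
export_secret() {
  name=$1
  value=$2
  # Only a plain shell identifier is accepted as the variable name.
  case $name in
    '' | [0-9]* | *[!A-Za-z0-9_]*)
      echo "export_secret: invalid variable name" >&2
      return 1
      ;;
  esac
  # Inside single quotes only ' is special: close the quote, emit \', reopen.
  escaped=$(printf '%s' "$value" | sed "s/'/'\\\\''/g")
  printf "export %s='%s'\n" "$name" "$escaped" >> "$BASH_ENV"
}

# Round-trip check with a constructed value (not a real secret): write it,
# source the file in a subshell as a later step would, and compare.
roundtrip_ok() (
  sample="p@ss word'\$(id)\`id\`\"x"
  BASH_ENV=$(mktemp) || exit 1
  export_secret SECRET_FOO "$sample" || exit 1
  got=$(. "$BASH_ENV" && printf '%s' "$SECRET_FOO")
  rm -f "$BASH_ENV"
  [ "$got" = "$sample" ]
)
```

In a job this would replace the export line, for example `export_secret SECRET_FOO "$FOO"`. Trailing newlines in a value are dropped by the command substitution.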
An example Vault configuration can be found in this repository's .circleci
folder:
https://github.com/smaeda-ks/orb-hashicorp-vault-cli/blob/main/.circleci
CircleCI Orb Registry Page - The official registry page of this orb for all versions, executors, commands, and jobs described.

CircleCI Orb Docs - Docs for using and creating CircleCI Orbs.
We welcome issues to and pull requests against this repository!