I have the integration between GitLab CI and Vault functioning, but I have found that you cannot use variables in the secret definition. I can do:
```yaml
secrets:
  my_secret:
    vault: my-org/my-subgroup/my-project/prd/database/password@secret
```

```
secret/data/my-org/my-subgroup/my-project/prd/database:
  password: something_really_secure
```
But would like to do something like:
```yaml
secrets:
  my_secret:
    vault: $CI_PROJECT_PATH/$CI_ENVIRONMENT_NAME/database/password@secret
```
This would allow me to put all my secrets into a hidden job and then easily extend other jobs to include them. As it is, I cannot see any way to use this integration short of hand-coding each secret in each environment.
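The mapping between the two snippets in the post (`<path>/<field>@<mount>` in the job, `<mount>/data/<path>` plus a key in Vault), as an added example that is not part of the original post. The function names and validation rules are assumptions made here; the validation reflects that a path built from CI variables lets whoever controls those values choose which secret is read.

```shell
#!/bin/sh
# Added example, not from the original post.
# Job shorthand:   <path>/<field>@<mount>
# Vault KV v2:     <mount>/data/<path>, key <field>

# split_spec SPEC: sets $mount, $path, $field; returns 1 if SPEC is malformed.
# Hypothetical helper; the allowed character set is an assumption.
split_spec() {
  spec=$1
  case $spec in
    *[!A-Za-z0-9._/@-]*) return 1 ;;  # spaces, quotes, unexpanded "$" etc.
    *@*) ;;                           # a mount is required in this example
    *) return 1 ;;
  esac
  mount=${spec##*@}
  rest=${spec%@*}
  case $mount in ''|*/*) return 1 ;; esac
  case $rest in
    *@*) return 1 ;;                  # more than one "@"
    */*) ;;                           # need at least <path>/<field>
    *) return 1 ;;
  esac
  field=${rest##*/}
  path=${rest%/*}
  case $field in ''|.|..) return 1 ;; esac
  # Empty, "." or ".." segments could point the read at another project's path.
  case "/$path/" in *//*|*/./*|*/../*) return 1 ;; esac
}

# kv2_api_path SPEC: prints the KV v2 API path for the shorthand.
kv2_api_path() {
  split_spec "$1" || return 1
  printf '%s/data/%s\n' "$mount" "$path"
}

# kv2_field SPEC: prints the key that is read from that secret.
kv2_field() {
  split_spec "$1" || return 1
  printf '%s\n' "$field"
}

# Constructed values standing in for $CI_PROJECT_PATH and $CI_ENVIRONMENT_NAME.
project='my-org/my-subgroup/my-project'
environment='prd'
spec="$project/$environment/database/password@secret"
kv2_api_path "$spec"
kv2_field "$spec"
```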