Best way to vary secrets (from vault) by environment

I have the integration between gitlab-ci and vault functioning but I have found that you cannot use variables in the secret definition. I can do:

    vault: my-org/my-subgroup/my-project/prd/database/password@secret

to read:

      password: something_really_secure

But would like to do something like:

    vault: $CI_PROJECT_PATH/$CI_ENVIRONMENT_NAME/database/password@secret

This would allow me to put all my secrets into a hidden job and then easily extend other jobs to include them. As it is I cannot see any way to use this integration short of hand coding each secret in each environment.

Hi @jon.craig
currently you have to specify it per job. There is opened issue for using variables inside secret paths