Get ephemeral credential with Vault to a GitLab instance to create repo/branch/etc

Hi!
I’m trying to figure out a way, on a specific GitLab instance, to create GitLab repos dynamically and also be able to create/delete branches and tags.
I could simply create a static username, create an API key, and give it to my script to achieve this.

However, I would like to be able to do it with ephemeral credentials. Since we have a Vault cluster, I was wondering if we can configure GitLab and Vault with an app_role to create a temporary account in GitLab to do what I need.

Or maybe this is not the way to go and I should use another method?

Thank you for your help.

Hi @jsfrerot
You would need a Secret Engine in Vault that could create this ephemeral account in GitLab. Looking at the Secret Engines in the official Vault docs, there isn’t such a Secret Engine. So if you write your own, then you can use it to manage ephemeral accounts in GitLab.
app_role is an authentication method for Vault, so it is something you use to log in to Vault.