Hi,
I’m using the database engine in Vault, and would like to access both static and dynamic credentials/secrets using GitLab external secrets.
Has anyone been able to do this and, if so, what values should I be using in the gitlab-ci YAML?
I’m worried because the documentation only shows usage with the kv-v2 engine, where it looks like GitLab produces a final path made from the engine path, a hardcoded “data” string, and the given secret path.
However, I need the “data” path component replaced with either “creds” or “static-creds” depending on whether I’m accessing a dynamic or static credential (the engine path is the same either way).
I’m assuming the “data” path component might be controllable via the engine:name, but I can’t find any valid values searching the documentation (or GitLab issues, or forum posts).
Any ideas? Does GitLab even support Vault engines other than kv-v2?
The fallback is, of course, the manual way (using the script to vault-login and vault-read every secret+field you need into variables/files as needed).
Cheers,
Gary