Hello,
I have recently been trying to configure my CI/CD pipeline for my self-hosted GitLab and Vault instances. Despite my best efforts, I just can’t seem to make it work.
It seems that my runners simply don’t try to resolve the secrets. I have seen in logs on the internet that there should be a “resolving secrets” step, but I just don’t have it.
With the following .gitlab-ci.yml, I don’t have any logs about the secrets in the job’s logs.
- CI configuration

```yaml
stages:
  - build

echo_vault:
  stage: build
  id_tokens:
    VAULT_ID_TOKEN:
      aud: https://gitlab.[redacted].com
  secrets:
    SECRET_HELLO:
      vault: [redacted]/gitlab_test/hello@secrets
      file: false
      token: $VAULT_ID_TOKEN
  script:
    - echo "[$SECRET_HELLO]"
```
- Output logs

```
Running with gitlab-runner 16.2.0 (782e15da)
  on gitlab_swarm_runner_01 RzJHa6DYw, system ID: r_X4JrXDFU0ZX7
Preparing the "docker" executor
Using Docker executor with image docker:24 ...
Pulling docker image docker:24 ...
Using docker image sha256:e3b0e0da1cc0a4006701cacd6f7e3b30e1c78972339f3f03976f6bf189583697 for docker:24 with digest docker@sha256:b1f43c30e065966611cf5e38012fda2145bc08b01082fa102296957d77c2cb4c ...
Preparing environment
Running on runner-rzjha6dyw-project-2-concurrent-0 via eb85449cc52c...
Getting source from Git repository
Fetching changes with git depth set to 20...
Reinitialized existing Git repository in /builds/[redacted]/cicd_test/.git/
Checking out a2f3afb8 as detached HEAD (ref is main)...
Skipping Git submodules setup
Executing "step_script" stage of the job script
Using docker image sha256:e3b0e0da1cc0a4006701cacd6f7e3b30e1c78972339f3f03976f6bf189583697 for docker:24 with digest docker@sha256:b1f43c30e065966611cf5e38012fda2145bc08b01082fa102296957d77c2cb4c ...
$ echo "[$SECRET_HELLO]"
[]
Cleaning up project directory and file based variables
Job succeeded
```
I have tried to purposefully do a wrong setup in the hope of getting an error, but to no avail.
My GitLab version is 16.1 and my runners are on 16.2.0.