I have recently been trying to configure my ci/cd pipeline for my self-hosted gitlab and vault instance. Despite my best efforts, I just can’t seem to make it work.
It seems that my runners simply don’t try to resolve the secrets. I have seen in logs on the internet that there should be a “resolving secrets” step, but I just don’t have it.
With the following .gitlab-ci.yml, I don’t have any logs about the secrets in the job’s logs.
- CI configuration
stages: - build echo_vault: stage: build id_tokens: VAULT_ID_TOKEN: aud: https://gitlab.[redacted].com secrets: SECRET_HELLO: vault: [redacted]/gitlab_test/hello@secrets file: false token: $VAULT_ID_TOKEN script: - echo "[$SECRET_HELLO]"
- Output logs
Running with gitlab-runner 16.2.0 (782e15da) on gitlab_swarm_runner_01 RzJHa6DYw, system ID: r_X4JrXDFU0ZX7 Preparing the "docker" executor Using Docker executor with image docker:24 ... Pulling docker image docker:24 ... Using docker image sha256:e3b0e0da1cc0a4006701cacd6f7e3b30e1c78972339f3f03976f6bf189583697 for docker:24 with digest docker@sha256:b1f43c30e065966611cf5e38012fda2145bc08b01082fa102296957d77c2cb4c ... Preparing environment Running on runner-rzjha6dyw-project-2-concurrent-0 via eb85449cc52c... Getting source from Git repository Fetching changes with git depth set to 20... Reinitialized existing Git repository in /builds/[redacted]/cicd_test/.git/ Checking out a2f3afb8 as detached HEAD (ref is main)... Skipping Git submodules setup Executing "step_script" stage of the job script Using docker image sha256:e3b0e0da1cc0a4006701cacd6f7e3b30e1c78972339f3f03976f6bf189583697 for docker:24 with digest docker@sha256:b1f43c30e065966611cf5e38012fda2145bc08b01082fa102296957d77c2cb4c ... $ echo "[$SECRET_HELLO]"  Cleaning up project directory and file based variables Job succeeded
I have tried to purposefully do a wrong setup in the hope of getting an error, but to no avail.
My gitlab version is 16.1 and my runners are on 16.2.0