October 21, 2021, 10:50am
Dear Gitlab community,
I have a local free community gitlab instance and I am trying to integrate it with my vault server to read secrets. I use jwt authentication method for this and I am getting a permission denied when trying to authenticate.
vault write -field=token auth/jwt/login role=my-role jwt=$CI_JOB_JWT
I would like to troubleshoot this but for this I need to be able to read the masked value of CI_JOB_JWT
How can I show masked values in the jobs logs web interface?
- JQ=./jq #the latest not the official (1.5 does not support @base64d)
- curl -sLo jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 > $JQ && chmod +x $JQ
- ./jq -R 'split(".") | .,. | @base64d | fromjson' <<< "$CI_JOB_JWT"
did you find a solution? i have a similar problem, i try everything but get a missing token. and i was wondering if you might have found a solution.
You can use
echo $CI_JOB_JWT | base64. Instead of
[MASKED] it will return your jwt token encoded with base64. To read it: first decode base64, then decode RS256.
Don’t use it in prod environments