Issue with Bash Commands in Alpine Images Using ‘hashicorp/vault:lates

Description:

Hello GitLab community,

I’m encountering an issue while trying to use Bash commands within Alpine images, specifically when using the hashicorp/vault:latest image. My script is as follows:

stages:
  - read-secrets

variables:
  VAULT_SECRETS: "kv/app/prod:appprod-password,kv/db/prod:dbprod-password"

.authenticate:
  tags:
    - docker
  image: hashicorp/vault:latest
  id_tokens:
    VAULT_AUTH_TOKEN:
      aud: $VAULT_ADDR
  script:
    - export VAULT_TOKEN="$(vault write -field=token auth/jwt/login role=$VAULT_AUTH_ROLE jwt=$VAULT_AUTH_TOKEN)"
    - |
      IFS=',' read -ra secrets <<< "$VAULT_SECRETS"
      for secret_info in "${secrets[@]}"; do
        IFS=':' read -r secret_path secret_field <<< "$secret_info"
        echo "Fetching secret for path $secret_path and field $secret_field"
        secret_value="$(vault kv get -field="$secret_field" "$secret_path")"
        echo "Fetched secret value $secret_value"
        export "SECRET_${secret_field^^}"="$secret_value"
      done

read-secrets:
  stage: read-secrets
  extends: .authenticate

The issue arises when attempting to use the Internal Field Separator (IFS) within the hashicorp/vault:latest image. Unfortunately, it seems that IFS is not functioning as expected.

If anyone has encountered a similar problem or has suggestions for resolving this issue, I would greatly appreciate your insights.

Thank you in advance for your assistance!

AFAIK alpine based images do not provide support for bash as shell, and require to install bash manually.

Something along the lines of the following, untested.

  - apk update
  - apk add bash
  - bash
  - <more code>
2 Likes