Hi, full disclosure, I’m new to GitLab, but I’ve hit a problem with the Vault integration.
I’ve been setting it up with my installation following the documentation (https://docs.gitlab.com/ee/ci/examples/authenticating-with-hashicorp-vault/index.html and https://docs.gitlab.com/ee/ci/secrets/#use-vault-secrets-in-a-ci-job).
The Vault integration documentation says that this is a premium feature, so I’ve set up a trial license to see if it will work too.
I’ve successfully managed to get a secret out of my vault using the manual method listed in the docs here:
https://docs.gitlab.com/ee/ci/examples/authenticating-with-hashicorp-vault/index.html#example
I would prefer to be able to get the secret using the provided secrets: mechanism listed here:
https://docs.gitlab.com/ee/ci/secrets/#use-vault-secrets-in-a-ci-job.
The problem I’m seeing is “The secrets provider can not be found” (see screenshot below).
My gitlab-ci.yml looks like this:
```yaml
read_secrets:
  image:
    name: vault:1.6.2
  script:
    - export VAULT_ADDR=https://<my-domain.com>
    - export VAULT_TOKEN="$(vault write -field=token auth/jwt/login role=gitlab-ci jwt=$CI_JOB_JWT)"
    - echo $VAULT_TOKEN
    - echo $CI_JOB_JWT
    - vault status
    - echo $CI_COMMIT_REF_NAME
    - echo $CI_COMMIT_REF_PROTECTED
    - export PASSWORD="$(vault kv get -field=password gitlab/test)"
    # Use the secret
    - echo $PASSWORD
    - echo $DATABASE_PASSWORD
  # not currently working:
  secrets:
    DATABASE_PASSWORD:
      vault: gitlab/test/password
```
Everything above secrets: works correctly and gets the secret out of the vault (I commented the secrets section out to test).
I was expecting that the secret would have been grabbed from the vault and displayed in the output.
My Google-fu has let me down on this one. Maybe it’s because of my noob status. Is there any other documentation that I’ve missed, or does somebody know what the issue is here?
Thanks
GitLab version 13.8 (self-managed)