feat: STACKIT Secrets Manager Action

2025-07-07 21:32:39 +02:00 · 2025-07-07 21:32:39 +02:00 · cc0c27a4e9
commit cc0c27a4e9
9 changed files with 401 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,51 @@
+# STACKIT Secrets Manager Action
+
+## parameters
+
+| parameter | description | default |
+| --- | --- | --- |
+| vault_addr | Secrets Manager Base URL |  https://prod.sm.eu01.stackit.cloud |
+| vault_id | Your Secrets Manager ID, looks something like this: 6d9060fd-59b4-4dda-9106-b2dbe88acf65 | - |
+| vault_username | Your Secrets Manager Username, looks something like this: sms96o170771ttt6 | - |
+| vault_password | Your Secrets Manager Password, a random generated password provided by the STACKIT Portal | - |
+| vault_path | The Path to your Secret can be some like this: "test" or "folder/test" | - |
+| debug | true or false, enable or disable Debug Logging | false |
+
+## usage
+
+In this example we assume that there is a Secret on Path "${{ secrets.VAULT_PATH}}" and there is a KVSecret named "test".
+In the "Output secret" step we output above mentioned KVSecret "test". We access the outputs of the secrets step.
+
+Keep in mind to set an id on the actions step and use that to reference the outputted secrets. 
+
+```yaml
+name: Secrets Manager Action
+
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  get-vault-secrets:
+    runs-on: docker
+    # here we can also define outputs for use in other stages
+    # keep in mind that other "stages" need to define a "needs" for this job
+    outputs:
+      # here i use our example secret "test"
+      test: ${{ steps.fetch-secrets.outputs.test }}
+    steps:
+      - name: Fetch secrets from STACKIT Secrets Manager
+        id: secrets
+        uses: https://stackit-solutions.git.onstackit.cloud/actions/secretsmanager@main
+        with:
+          # vault_addr: 'https://prod.sm.eu01.stackit.cloud'   # Optional - uses default STACKIT endpoint
+          vault_id: ${{ secrets.VAULT_ID }}                    # Your Secrets Manager ID
+          vault_username: ${{ secrets.VAULT_USERNAME }}        # Your STACKIT Secrets Manager username
+          vault_password: ${{ secrets.VAULT_PASSWORD }}        # Your STACKIT Secrets Manager password
+          vault_path: ${{ secrets.VAULT_PATH }}                # The secret key/path in your Secrets Manager
+          debug: false                                         # Set to 'true' for debug logging
+
+      - name: Output secret
+        run: |
+          echo ${{ steps.secrets.outputs.test}}
+```