STACKIT Secrets Manager Action
parameters
| parameter | description | default |
|---|---|---|
| vault_addr | Secrets Manager Base URL | https://prod.sm.eu01.stackit.cloud |
| vault_id | Your Secrets Manager ID, which looks something like this: 6d9060fd-59b4-4dda-9106-b2dbe88acf65 | - |
| vault_username | Your Secrets Manager username, which looks something like this: sms96o170771ttt6 | - |
| vault_password | Your Secrets Manager password, a randomly generated password provided by the STACKIT Portal | - |
| vault_path | The path to your secret, for example "test" or "folder/test" | - |
| debug | true or false, enable or disable Debug Logging | false |
usage
This example assumes that a secret exists at the path "${{ secrets.VAULT_PATH }}" and that it contains a KVSecret named "test". The "Output secret" step prints that KVSecret "test" by reading the outputs of the step with the id "secrets".
Remember to set an id on the action's step and use that id to reference the output secrets.
```yaml
name: Secrets Manager Action
on:
  push:
  workflow_dispatch:

jobs:
  get-vault-secrets:
    runs-on: docker
    # here we can also define outputs for use in other stages
    # keep in mind that other "stages" need to define a "needs" for this job
    outputs:
      # here I use our example secret "test"; the step id must match the id set on the fetch step
      test: ${{ steps.secrets.outputs.test }}
    steps:
      - name: Fetch secrets from STACKIT Secrets Manager
        id: secrets
        uses: https://stackit-solutions.git.onstackit.cloud/actions/secretsmanager@main
        with:
          # vault_addr: 'https://prod.sm.eu01.stackit.cloud' # Optional - uses default STACKIT endpoint
          vault_id: ${{ secrets.VAULT_ID }} # Your Secrets Manager ID
          vault_username: ${{ secrets.VAULT_USERNAME }} # Your STACKIT Secrets Manager username
          vault_password: ${{ secrets.VAULT_PASSWORD }} # Your STACKIT Secrets Manager password
          vault_path: ${{ secrets.VAULT_PATH }} # The secret key/path in your Secrets Manager
          debug: false # Set to 'true' for debug logging
      - name: Output secret
        # pass the value through the environment so it is not interpolated into the shell script
        env:
          TEST_SECRET: ${{ steps.secrets.outputs.test }}
        run: |
          echo "$TEST_SECRET"
```