actions/secretsmanager
3
0
Fork 0
Code Issues Pull requests Projects Releases 3 Packages Wiki Activity Actions
secretsmanager/README.md

53 lines
2.5 KiB
Markdown
Raw Blame History

# STACKIT Secrets Manager Action
## parameters
| parameter | description | default |
| --- | --- | --- |
| vault_addr | Secrets Manager Base URL | https://prod.sm.eu01.stackit.cloud |
| vault_id | Your Secrets Manager ID, looks something like this: 6d9060fd-59b4-4dda-9106-b2dbe88acf65 | - |
| vault_username | Your Secrets Manager Username, looks something like this: sms96o170771ttt6 | - |
| vault_password | Your Secrets Manager Password, a random generated password provided by the STACKIT Portal | - |
| vault_path | The Path to your Secret can be some like this: "test" or "folder/test" | - |
| debug | true or false, enable or disable Debug Logging | false |
| version | version of action, default says v0 but it should be the same as in the git ref. See [releases](https://stackit-solutions.git.onstackit.cloud/actions/secretsmanager/releases). | v0 |
## usage
In this example we assume that there is a Secret on Path "${{ secrets.VAULT_PATH}}" and there is a KVSecret named "test".
In the "Output secret" step we output above mentioned KVSecret "test". We access the outputs of the secrets step.
Keep in mind to set an id on the actions step and use that to reference the outputted secrets.
```yaml
name: Secrets Manager Action
on:
push:
workflow_dispatch:
jobs:
get-vault-secrets:
runs-on: docker
# here we can also define outputs for use in other stages
# keep in mind that other "stages" need to define a "needs" for this job
outputs:
# here i use our example secret "test"
test: ${{ steps.fetch-secrets.outputs.test }}
steps:
- name: Fetch secrets from STACKIT Secrets Manager
id: secrets
uses: https://stackit-solutions.git.onstackit.cloud/actions/secretsmanager@v0
with:
# vault_addr: 'https://prod.sm.eu01.stackit.cloud' # Optional - uses default STACKIT endpoint
vault_id: ${{ secrets.VAULT_ID }} # Your Secrets Manager ID
vault_username: ${{ secrets.VAULT_USERNAME }} # Your STACKIT Secrets Manager username
vault_password: ${{ secrets.VAULT_PASSWORD }} # Your STACKIT Secrets Manager password
vault_path: ${{ secrets.VAULT_PATH }} # The secret key/path in your Secrets Manager
debug: false # Set to 'true' for debug logging
version: v0 # Optional - here you can override the binary download version
- name: Output secret
run: |
echo ${{ steps.secrets.outputs.test}}
```
Reference in a new issue View git blame Copy permalink