actions/vault-action
3
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2026-04-20 10:45:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: rethink how key retrevial is structued and add e2e test

Browse source
This commit is contained in:
Richard Simpson 2019-09-20 16:59:05 -05:00
parent 9a7f009394
commit 0b17727b1c
No known key found for this signature in database
GPG key ID: 0CECAF50D013D1E2
10 changed files with 191 additions and 179 deletions
Download patch file Download diff file Expand all files Collapse all files

43
README.md
View file

@ -16,10 +16,9 @@ jobs:
vaultUrl: https://vault.mycompany.com
vaultToken: ${{ secrets.VaultToken }}
keys: |
ci_key ;
ci/aws > $.accessKey | AWS_ACCESS_KEY_ID ;
ci/aws > $.secretKey | AWS_SECRET_ACCESS_KEY ;
ci/npm_token | NPM_TOKEN
ci/aws accessKey | AWS_ACCESS_KEY_ID ;
ci/aws secretKey | AWS_SECRET_ACCESS_KEY ;
ci/npm token | NPM_TOKEN
# ...
```
@ -35,17 +34,17 @@ Each key is comprised of the `path` of they key, and optionally a [`JSONPath`](h
### Simple Key
To retrieve a key `ci/npm_token` that has value `somelongtoken` from vault you could do:
To retrieve a key `npmToken` from path `ci` that has value `somelongtoken` from vault you could do:
```yaml
with:
keys: ci/npm_token
keys: ci npmToken
```
`vault-action` will automatically normalize the given path, and output:
`vault-action` will automatically normalize the given data key, and output:
```bash
CI__NPM_TOKEN=somelongtoken
NPMTOKEN=somelongtoken
```
### Set Environment Variable Name
@ -54,40 +53,24 @@ However, if you want to set it to a specific environmental variable, say `NPM_TO
```yaml
with:
keys: ci/npm_token | NPM_TOKEN
keys: ci npmToken | NPM_TOKEN
```
With that, `vault-action` will now use your request name and output:
With that, `vault-action` will now use your requested name and output:
```bash
NPM_TOKEN=somelongtoken
```
### JSON Key
### Multiple Keys
Say you are storing a set of AWS keys as a JSON document in Vault like so:
```json
{
"accessKey": "AKIAIOSFODNN7EXAMPLE",
"secretKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
```
And you want to set them to `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` respectively so you could use the AWS CLI:
This action can take multi-line input, so say you had your AWS keys stored in a path and wanted to retrieve both of them. You can do:
```yaml
with:
keys: |
ci/aws > $.accessKey | AWS_ACCESS_KEY_ID ;
ci/aws > $.secretKey | AWS_SECRET_ACCESS_KEY
```
This would output:
```bash
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
ci/aws accessKey | AWS_ACCESS_KEY_ID ;
ci/aws secretKey | AWS_SECRET_ACCESS_KEY
```
## Masking