From 96e2c5df04f633b86ac9463782c37a7dd4e3a549 Mon Sep 17 00:00:00 2001
From: Pierre Smeyers <pierre.smeyers@gmail.com>
Date: Tue, 13 Dec 2022 07:45:18 +0100
Subject: [PATCH] feat(vault): configurable Vault Secrets Provider images
---
 README.md | 1 +
 kicker.json | 6 ++++++
 templates/gitlab-ci-docker-vault.yml | 4 +++-
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 1c18702..ca215d9 100644
--- a/README.md
+++ b/README.md
@@ -518,6 +518,7 @@ In order to be able to communicate with the Vault server, the variant requires t
 | Name | Description | Default value |
 | ----------------- | -------------------------------------- | ----------------- |
+| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master` |
 | `VAULT_BASE_URL` | The Vault server base API url | _none_ |
 | :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |
 | :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | **must be defined** |
diff --git a/kicker.json b/kicker.json
index c9a7106..e6a8eda 100644
--- a/kicker.json
+++ b/kicker.json
@@ -206,6 +206,12 @@
 "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
 "template_path": "templates/gitlab-ci-docker-vault.yml",
 "variables": [
+ {
+ "name": "TBC_VAULT_IMAGE",
+ "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
+ "default": "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master",
+ "advanced": true
+ },
 {
 "name": "VAULT_BASE_URL",
 "description": "The Vault server base API url",
diff --git a/templates/gitlab-ci-docker-vault.yml b/templates/gitlab-ci-docker-vault.yml
index 7d4f94d..753ad78 100644
--- a/templates/gitlab-ci-docker-vault.yml
+++ b/templates/gitlab-ci-docker-vault.yml
@@ -2,6 +2,8 @@
 # === Vault template variant
 # =====================================================================================================================
 variables:
+ # variabilized vault-secrets-provider image
+ TBC_VAULT_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master"
 # variables have to be explicitly declared in the YAML to be exported to the service
 VAULT_ROLE_ID: "$VAULT_ROLE_ID"
 VAULT_SECRET_ID: "$VAULT_SECRET_ID"
@@ -10,5 +12,5 @@ variables:
 services:
 - name: "$TBC_TRACKING_IMAGE"
 command: ["--service", "docker", "3.4.0"]
- - name: "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master"
+ - name: "$TBC_VAULT_IMAGE"
 alias: "vault-secrets-provider"
-- GitLab
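Review bot: The comment added above `TBC_VAULT_IMAGE` in the first hunk ("variabilized vault-secrets-provider image") leaves out why this variable is sensitive: the same `variables:` block exports `VAULT_ROLE_ID` and `VAULT_SECRET_ID` to the service, and the second hunk now takes that service's image from `$TBC_VAULT_IMAGE` instead of a literal, so whoever can define the variable selects the container that receives the AppRole credentials. I would word the comment as `# image of the vault-secrets-provider service, which receives VAULT_ROLE_ID / VAULT_SECRET_ID; override only with a trusted image, preferably pinned by digest`. Projects using this variant should presumably also limit who may set or override CI/CD variables for their pipelines. The default keeps the mutable `:master` tag that was already hard-coded, so pinning is not made worse here, but the new README row is a natural place to recommend a release tag or digest. The `variables:` block continues outside the hunk.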