{"id":17650214,"url":"https://github.com/mongey/vault-plugin-auth-github-actions","last_synced_at":"2025-05-07T07:01:32.503Z","repository":{"id":53467572,"uuid":"291848492","full_name":"Mongey/vault-plugin-auth-github-actions","owner":"Mongey","description":"A vault plugin to authenticate GitHub actions ","archived":false,"fork":false,"pushed_at":"2021-03-29T23:21:42.000Z","size":40,"stargazers_count":7,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-01T17:54:23.777Z","etag":null,"topics":["github-actions","vault","vault-plugin","vault-plugins"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Mongey.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-08-31T23:41:01.000Z","updated_at":"2024-02-05T11:42:16.000Z","dependencies_parsed_at":"2022-08-28T11:00:19.697Z","dependency_job_id":null,"html_url":"https://github.com/Mongey/vault-plugin-auth-github-actions","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mongey%2Fvault-plugin-auth-github-actions","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mongey%2Fvault-plugin-auth-github-actions/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mongey%2Fvault-plugin-auth-github-actions/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mongey%2Fvault-plugin-auth-github-actions/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Mongey","download_url":"https://codeload.github.com/Mongey/vault-plugin-auth-github-actions/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252831253,"owners_count":21810783,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-actions","vault","vault-plugin","vault-plugins"],"created_at":"2024-10-23T11:37:13.514Z","updated_at":"2025-05-07T07:01:32.454Z","avatar_url":"https://github.com/Mongey.png","language":"Go","readme":"# vault-plugin-auth-github-actions\nAuthenticate with vault from your github actions.\n\n\n## Setup\n\n1. Download and decompress the latest plugin binary from the Releases tab on\nGitHub. Alternatively you can compile the plugin from source.\n\n2. Move the compiled plugin into Vault's configured `plugin_directory`:\n\n  ```sh\n  $ mv vault-plugin-auth-github-actions /etc/vault/plugins/vault-plugin-auth-github-actions\n  ```\n\n3. Calculate the SHA256 of the plugin and register it in Vault's plugin catalog.\nIf you are downloading the pre-compiled binary, it is highly recommended that\nyou use the published checksums to verify integrity.\n\n  ```sh\n  $ export SHA256=$(shasum -a 256 \"/etc/vault/plugins/vault-plugin-auth-github-actions\" | cut -d' ' -f1)\n\n  $ vault write sys/plugins/catalog/auth/github-actions-auth-plugin \\\n      sha_256=\"${SHA256}\" \\\n      command=\"vault-plugin-auth-github-actions\"\n  ```\n\n4. Mount the auth method:\n\n  ```sh\n  $ vault auth enable \\\n      -path=\"github-actions\" \\\n      -plugin-name=\"auth-github-actions\" plugin\n  ```\n\n5. Configure the role your repository should assume\n  ```sh\n  $ vault write auth/github-actions/repositories/Mongey/vault-plugin-auth-github-actions policies=admin\n  ```\n\n6. Point your github action to import your secrets from Vault\n```yaml\n      - name: Import Secrets\n        id: secrets\n        uses: hashicorp/vault-action@v2.0.0\n        with:\n          url: https://my-vault-server.org:8200\n          method: github-actions\n          secrets: secret/data/ci npmToken | NPM_TOKEN\n          authPayload: |\n          '{\n            \"token\": \"${{ secrets.GITHUB_TOKEN }}\",\n            \"run_id\": \"${{ github.run_id }}\",\n            \"run_number\": \"${{ github.run_number }}\",\n            \"owner\": \"${{ github.repository_owner }}\",\n            \"repository\": \"${{ github.repository }}\"\n          }'\n      - name: Print\n        env:\n          MY_VAR: Hello\n          FOO: ${{ steps.secrets.outputs.NPM_TOKEN }}\n        run: |\n          echo $MY_VAR $FOO $NPM_TOKEN\n```\n\n### Assign a default policy to all repositories in your organization\n\n```\n$ vault write auth/github-actions/organizations/Mongey policies=admin\n```\n\n## Configuration\n\nTo configure it, use the `/config` endpoint with the following arguments:\n\n  * `base_url` (string, optional) - For GitHub Enterprise or other API-compatible\n     servers, the base URL to access the server.\n\nFor example:\n\n```\nvault write auth/github-actions/config base_url=https://enterprise.github.com/\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmongey%2Fvault-plugin-auth-github-actions","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmongey%2Fvault-plugin-auth-github-actions","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmongey%2Fvault-plugin-auth-github-actions/lists"}