Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/20scoops-cnx/action-vault
vault helper for github action build in node-vault
https://github.com/20scoops-cnx/action-vault
Last synced: about 11 hours ago
JSON representation
vault helper for github action build in node-vault
- Host: GitHub
- URL: https://github.com/20scoops-cnx/action-vault
- Owner: 20Scoops-CNX
- Created: 2020-01-21T09:31:43.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2020-03-11T08:26:40.000Z (over 4 years ago)
- Last Synced: 2024-09-16T09:13:39.100Z (about 2 months ago)
- Language: JavaScript
- Size: 595 KB
- Stars: 0
- Watchers: 3
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README-template.md
Awesome Lists containing this project
README
# 20scoops Action Vault
| Statements | Branches | Functions | Lines |
| --------------------------------------------- | ----------------------------------------- | ------------------------------------------- | ----------------------------------- |
|  |  |  |  |
## Feature available
- [x] aws access key
- [x] KV key value
- [x] SSH private key
Usage
---
### AWS access key
```yml
jobs:
build:
steps:
- name: Import AWS access key
uses: 20Scoops-CNX/action-vault@master
with:
VAULT_HOST: ${{ secrets.VAULT_HOST }}
VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
PATH: 'example-aws/creds/ecr'
# aws,kv,ssh
MODULE: 'aws'
id: aws
- name: Login to ECR
id: ecr
uses: jwalton/gh-ecr-login@v1
with:
access-key-id: ${{ env.AWS_ACCESS_KEY }}
secret-access-key: ${{ env.AWS_SECRET_KEY }}
region: ${REGION}
```
### Secrets KEY/VALUE
**Note** : this module required secrets `V1`
Key value type in this module need to precise to actual path such as `my-secret/develop` this example path will contain with various variable such a `host`, `url`, `host_token`, etc.. as we specify in vault secrets and this will export those variable to env variable for use in next steps.
```yml
run: |
echo ${{ env.host }}
echo ${{ env.url }}
echo ${{ env.host_token }}
```
```yml
jobs:
build:
steps:
- name: Import Secrets key
uses: 20Scoops-CNX/action-vault@master
with:
VAULT_HOST: ${{ secrets.VAULT_HOST }}
VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
PATH: 'my-project/DEVELOP'
MODULE: 'kv'
id: my-secret
```
### SSH vault Signed SSH Certificates
**Note**: How to and Concept of this module https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-certificates
signed ssh certificates is how you do ssh to server from client side (CI) and excute the `shell` command to do something on server with this will need your current id_rsa and id_ras-cert.pub to verify host and get authorized and excution.
```yml
jobs:
build:
steps:
- name: Show something on server
uses: 20Scoops-CNX/action-vault@master
with:
VAULT_HOST: ${{ secrets.VAULT_HOST }}
VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }}
PATH: 'my-ssh/sign/user'
MODULE: 'ssh'
IP_ADDRESS: '127.0.0.1' // or ${{ env.ip_address }}
PORT: 22 // or ${{ env.port }} default is `22`
USERNAME: 'ubuntu' // or ${{ env.username }}
COMMAND: 'ls -la'
```