https://github.com/drone/drone-vault
Drone plugin for integrating with the Vault secrets manager
ci ci-cd secrets secrets-management vault
- Host: GitHub
- URL: https://github.com/drone/drone-vault
- Owner: drone
- License: other
- Created: 2018-08-13T01:37:37.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2023-12-19T00:13:15.000Z (almost 2 years ago)
- Last Synced: 2024-09-25T09:11:27.368Z (about 1 year ago)
- Topics: ci, ci-cd, secrets, secrets-management, vault
- Language: Go
- Homepage: https://docs.drone.io/configure/secrets/external/vault/
- Size: 45.9 KB
- Stars: 64
- Watchers: 5
- Forks: 38
- Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
# drone-vault-extension
A secret extension that provides optional support for sourcing secrets from Vault. _Please note this project requires Drone server version 1.3 or higher._
## Installation
Create a shared secret:
```bash
$ openssl rand -hex 16
bea26a2221fd8090ea38720fc445eca6
```

Download and run the plugin:
```bash
$ docker run -d \
--publish=3000:3000 \
--env=DRONE_DEBUG=true \
--env=DRONE_SECRET=bea26a2221fd8090ea38720fc445eca6 \
--env=VAULT_ADDR=... \
--env=VAULT_TOKEN=... \
--restart=always \
--name=drone-vault drone/vault
```

Using approle authentication:
```bash
$ docker run -d \
--publish=3000:3000 \
--env=DRONE_DEBUG=true \
--env=DRONE_SECRET=bea26a2221fd8090ea38720fc445eca6 \
--env=VAULT_ADDR=... \
--env=VAULT_AUTH_TYPE=approle \
--env=VAULT_TOKEN_TTL=72h \
--env=VAULT_TOKEN_RENEWAL=24h \
--env=VAULT_APPROLE_ID=... \
--env=VAULT_APPROLE_SECRET=... \
--restart=always \
--name=drone-vault drone/vault
```

Update your runner configuration to include the plugin address and the shared secret.
```bash
DRONE_SECRET_PLUGIN_ENDPOINT=http://1.2.3.4:3000
DRONE_SECRET_PLUGIN_TOKEN=bea26a2221fd8090ea38720fc445eca6
```
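
The installation steps above as one script, added here as an example that is not part of the drone-vault README: it generates the shared secret once and writes it to owner-only env files for `docker run --env-file`, so the value is never typed on a command line and both sides are guaranteed to match. The file names `plugin.env` and `runner.env`, the function names and the `<...>` placeholders are assumptions.

```bash
#!/bin/sh
# Added example, not drone-vault project code. File names, function names
# and the <...> placeholders are assumptions for illustration.
set -eu

# 128-bit hex secret; openssl is the README's command, od is a fallback.
gen_secret() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -hex 16
  else
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
  fi
}

# Copy stdin to $1, readable and writable by the owner only.
write_private() {
  ( umask 077; cat > "$1" )
  chmod 600 "$1"
}

# make_env_files <dir> <plugin-endpoint>: one secret, two matching files.
make_env_files() {
  mkdir -p "$1"
  secret=$(gen_secret)
  write_private "$1/plugin.env" <<EOF
DRONE_SECRET=$secret
VAULT_ADDR=<vault-address>
VAULT_TOKEN=<vault-token>
EOF
  write_private "$1/runner.env" <<EOF
DRONE_SECRET_PLUGIN_ENDPOINT=$2
DRONE_SECRET_PLUGIN_TOKEN=$secret
EOF
  unset secret
}

# Succeeds only if both files hold the same 32-hex-character secret.
secrets_match() {
  p=$(sed -n 's/^DRONE_SECRET=//p' "$1/plugin.env")
  r=$(sed -n 's/^DRONE_SECRET_PLUGIN_TOKEN=//p' "$1/runner.env")
  printf '%s\n' "$p" | grep -Eq '^[0-9a-f]{32}$' && [ "$p" = "$r" ]
}

# Then start the plugin with the file instead of --env=DRONE_SECRET=...:
#   docker run -d --publish=3000:3000 --env-file=plugin.env \
#     --restart=always --name=drone-vault drone/vault
```

The secret is still readable through `docker inspect` by anyone with access to the Docker daemon, so restrict that access as well.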