Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/smaeda-ks/orb-hashicorp-vault-cli
A handy CircleCI Orb that helps you to integrate HashiCorp Vault with your CI/CD pipelines by leveraging the CircleCI OIDC support.
https://github.com/smaeda-ks/orb-hashicorp-vault-cli
circleci hashicorp-vault oidc vault
Last synced: 23 days ago
JSON representation
A handy CircleCI Orb that helps you to integrate HashiCorp Vault with your CI/CD pipelines by leveraging the CircleCI OIDC support.
- Host: GitHub
- URL: https://github.com/smaeda-ks/orb-hashicorp-vault-cli
- Owner: smaeda-ks
- License: mit
- Created: 2022-03-31T03:40:34.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2022-05-30T14:12:44.000Z (over 2 years ago)
- Last Synced: 2024-12-22T16:53:34.244Z (28 days ago)
- Topics: circleci, hashicorp-vault, oidc, vault
- Homepage:
- Size: 31.3 KB
- Stars: 2
- Watchers: 2
- Forks: 5
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# orb-hashicorp-vault-cli
[](https://circleci.com/gh/smaeda-ks/orb-hashicorp-vault-cli) [](https://circleci.com/orbs/registry/orb/smaeda-ks/orb-hashicorp-vault-cli) [](https://raw.githubusercontent.com/smaeda-ks/orb-hashicorp-vault-cli/master/LICENSE) [](https://discuss.circleci.com/c/ecosystem/orbs)
A custom CircleCI Orb for HashiCorp Vault CLI.
This Orb provides a few [commands](https://circleci.com/docs/2.0/orb-concepts/#commands) as below:
| Command | Description | Documentation |
| ---| --- | --- |
| `install` | Install Vault binary to the current executor environment. | [link](https://circleci.com/developer/orbs/orb/smaeda-ks/orb-hashicorp-vault-cli#commands-install) |
| `auth-oidc` | Authenticate with Vault using OIDC and obtain a token. Upon successful authentication, the obtained token will be set to the `VAULT_TOKEN` environment variable using `$BASH_ENV`. | [link](https://circleci.com/developer/orbs/orb/smaeda-ks/orb-hashicorp-vault-cli#commands-auth-oidc) |
| `revoke-self` | Revoke the token set to the `VAULT_TOKEN` environment variable against the Vault instance set to the `VAULT_ADDR` environment variable. | [link](https://circleci.com/developer/orbs/orb/smaeda-ks/orb-hashicorp-vault-cli#commands-revoke-self) |
## Example Orb usage
```yaml
description: |
Install Vault binary, authenticate using OIDC, and get secrets.
usage:
version: 2.1
orbs:
orb-hashicorp-vault-cli: smaeda-ks/[email protected]
jobs:
my-job:
machine: true
steps:
- checkout
# Install Vault
- orb-hashicorp-vault-cli/install
# Authenticate using OIDC and obtain token
# This will automatically set VAULT_TOKEN env variable
- orb-hashicorp-vault-cli/auth-oidc:
vault-address: "http://localhost:8200"
vault-role: "circleci-dev"
- run:
name: Get secret
command: |
# export secret using $BASH_ENV
# so it can be referenced by subsequent steps within the job
FOO=$(vault kv get -field=password secret/circleci/dev)
echo "export SECRET_FOO=${FOO}" >> $BASH_ENV
# Revoke Vault token after finishing all steps
- orb-hashicorp-vault-cli/revoke-self
workflows:
use-my-orb:
jobs:
- my-job:
# You must use context for jobs require OIDC
context: my-context
```
## Example Vault configuration
An example Vault configuration can be found in this repository's `.circleci` folder:
https://github.com/smaeda-ks/orb-hashicorp-vault-cli/blob/main/.circleci
## Resources
[CircleCI Orb Registry Page](https://circleci.com/orbs/registry/orb/smaeda-ks/orb-hashicorp-vault-cli) - The official registry page of this orb for all versions, executors, commands, and jobs described.
[CircleCI Orb Docs](https://circleci.com/docs/2.0/orb-intro/#section=configuration) - Docs for using and creating CircleCI Orbs.
### How to Contribute
We welcome [issues](https://github.com/smaeda-ks/orb-hashicorp-vault-cli/issues) to and [pull requests](https://github.com/smaeda-ks/orb-hashicorp-vault-cli/pulls) against this repository!