Update vault secret by Gitlab CI


I am storing Spring Boot application.yaml configs as JSON in Vault, and I want to update them from GitLab CI stages. Who has faced this issue and could help me? I found nothing about that.

I found nothing about that. I tried to use Python scripts, but that is not my way.


Your question is extremely unclear and doesn't provide very much information to go on, but you can likely accomplish this in any number of ways.

All you need is the ability to communicate and authenticate with Vault using a credential that has write access to the path where you're storing your configuration; then you just need to update the secret.

Assuming you're using a kv-v1 secret store, you can update the secret via the API with a POST/PUT with curl:

curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    https://127.0.0.1:8200/v1/secret/my-secret

You can find more information on updating a secret here

Since you mentioned you were trying to use Python to accomplish this, you'd want to utilize the "hvac" library. Again, assuming a kv-v1 store, you can do it like this:

import hvac

# Called with no arguments, hvac.Client() reads VAULT_ADDR and VAULT_TOKEN
# from the environment, so export both in the CI job before running this.
client = hvac.Client()
hvac_secret = {
    'psst': 'this is so secret yall',
}

# Create or overwrite the secret at secret/hvac on the kv-v1 mount
# (mount_point defaults to 'secret').
client.secrets.kv.v1.create_or_update_secret(
    path='hvac',
    secret=hvac_secret,
)

# Read it back to confirm the write succeeded.
read_secret_result = client.secrets.kv.v1.read_secret(
    path='hvac',
)
print('The "psst" key under the secret path ("/v1/secret/hvac") is: {psst}'.format(
    psst=read_secret_result['data']['psst'],
))

Again, for more information, look at this documentation.

If my answer here is sufficient, please accept it. If you need further guidance, please update your post with more information. Namely:

  • What secrets engine in vault are you using
  • What does your python code look like
  • What else have you tried
  • What does your vault access policy look like
  • How are you authenticating with vault
  • etc.

All of these things are relevant to your question and you provided none of them, which makes it very hard for people to try to help you.
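The answer's curl and hvac snippets both assume a kv-v1 mount. The following is an added example, not code from the question or the answer, that builds the write request for either KV version (kv-v2 puts `/data/` in the path and wraps the values in `{"data": ...}`, and optionally supports check-and-set) and sends it with only the standard library, so it runs in a CI image without extra packages. The mount `secret`, the path `app/config`, the sample config values and the environment variable names `VAULT_ADDR` and `VAULT_TOKEN` are assumptions for illustration.

```python
import json
import os
import sys
import urllib.request
from typing import Any, Dict, Optional, Tuple

# Constructed sample: a Spring Boot application.yaml rendered as flat JSON,
# the shape the question describes storing in Vault.
SAMPLE_CONFIG = {
    "spring.datasource.url": "jdbc:postgresql://db.internal:5432/app",
    "spring.datasource.username": "app",
    "server.port": "8080",
}


def build_kv_write_request(vault_addr: str, mount: str, path: str,
                           data: Dict[str, Any], kv_version: int = 1,
                           cas: Optional[int] = None) -> Tuple[str, Dict[str, Any]]:
    """Return (url, json_payload) for writing a KV secret.

    kv-v1 takes the key/value pairs directly at /v1/<mount>/<path>;
    kv-v2 takes them at /v1/<mount>/data/<path> wrapped in {"data": ...}.
    """
    base = vault_addr.rstrip("/")
    if kv_version == 1:
        return f"{base}/v1/{mount}/{path}", dict(data)
    if kv_version == 2:
        payload: Dict[str, Any] = {"data": dict(data)}
        if cas is not None:
            # Check-and-set: the write succeeds only if the current version
            # equals `cas` (0 means "create only, never overwrite").
            payload["options"] = {"cas": cas}
        return f"{base}/v1/{mount}/data/{path}", payload
    raise ValueError(f"unsupported kv_version {kv_version}")


def write_secret(vault_addr: str, token: str, mount: str, path: str,
                 data: Dict[str, Any], kv_version: int = 1,
                 cas: Optional[int] = None) -> Dict[str, Any]:
    """POST the secret to Vault and return the decoded response body."""
    url, payload = build_kv_write_request(vault_addr, mount, path, data,
                                          kv_version, cas)
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={"X-Vault-Token": token, "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        raw = resp.read()
    # kv-v1 answers 204 with an empty body; kv-v2 returns version metadata.
    return json.loads(raw) if raw else {}


def main() -> int:
    # In a GitLab CI job these come from masked, protected CI/CD variables
    # (names assumed); the token is never printed or passed on a command line.
    addr = os.environ.get("VAULT_ADDR")
    token = os.environ.get("VAULT_TOKEN")
    if not addr or not token:
        print("VAULT_ADDR and VAULT_TOKEN must be set", file=sys.stderr)
        return 2
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = json.load(fh)          # JSON rendered from application.yaml
    else:
        data = SAMPLE_CONFIG
    result = write_secret(addr, token, "secret", "app/config", data, kv_version=2)
    print("secret written; version metadata:", result.get("data", {}))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

In a pipeline this would be one `script:` line such as `python3 update_vault.py config.json`, with the job's token limited by a policy granting only `create` and `update` on `secret/data/app/config` (kv-v2 paths in policies include the `data/` segment, just like the API path). Passing `cas` makes the CI write fail instead of clobbering a change someone made out of band.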