mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-22 15:11:07 +02:00
* Update README Let contributors know that docs will now be located in UDR * Add comments to each mdx doc Comment has been added to all mdx docs that are not partials * chore: added changelog changelog check failure * wip: removed changelog * Fix content errors * Doc spacing * Update website/content/docs/deploy/kubernetes/vso/helm.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> --------- Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
50 lines
2.3 KiB
Plaintext
50 lines
2.3 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: GitHub actions
|
|
description: >-
|
|
Use GitHub action workflow to leverage secrets stored in Vault using vault-action.
|
|
---
|
|
|
|
> [!IMPORTANT]
|
|
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
|
|
|
|
# GitHub actions
|
|
|
|
Workflows in GitHub Actions can make use of secrets stored in Vault by using a
|
|
[`vault-action`](https://github.com/marketplace/actions/hashicorp-vault) step.
|
|
|
|
## Example
|
|
|
|
Here is an example `vault-action` step in a workflow:
|
|
|
|
```yaml
|
|
jobs:
|
|
build:
|
|
# ...
|
|
steps:
|
|
# ...
|
|
- name: Import Secrets
|
|
uses: hashicorp/vault-action@v2.4.0
|
|
with:
|
|
url: https://vault.example.com:8200
|
|
token: ${{ secrets.VAULT_TOKEN }}
|
|
caCertificate: ${{ secrets.VAULT_CA_CERT }}
|
|
secrets: |
|
|
secret/data/ci/aws accessKey | AWS_ACCESS_KEY_ID ;
|
|
secret/data/ci/aws secretKey | AWS_SECRET_ACCESS_KEY ;
|
|
secret/data/ci npm_token
|
|
```
|
|
|
|
This example will authenticate to Vault instance at `https://vault.example.com:8200` with the GitHub secrets defined in
|
|
`VAULT_TOKEN` and `VAULT_CA_CERT`, and will add environment variables available for next steps in the workflow:
|
|
- The secret at path `secret/data/ci/aws` with the key `accessKey` available in the environment variable `AWS_ACCESS_KEY_ID`
|
|
- The secret at path `secret/data/ci/aws` with the key `secretKey` available in the environment variable `AWS_SECRET_ACCESS_KEY`
|
|
- The secret at path `secret/data/ci` with the key `npm_token` available in the environment variable `NPM_TOKEN`
|
|
|
|
## Further information
|
|
|
|
For more information on using the `vault-action` GitHub Action, visit:
|
|
|
|
- [Vault GitHub action documentation](https://github.com/marketplace/actions/hashicorp-vault)
|
|
- [Vault GitHub actions tutorial](/vault/tutorials/app-integration/github-actions)
|