vault/website/content/docs/platform/github-actions.mdx
Erica Thompson 0660ea6fac
Update README (#31244)
* Update README

Let contributors know that docs will now be located in UDR

* Add comments to each mdx doc

Comment has been added to all mdx docs that are not partials

* chore: added changelog

changelog check failure

* wip: removed changelog

* Fix content errors

* Doc spacing

* Update website/content/docs/deploy/kubernetes/vso/helm.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2025-07-22 08:12:22 -07:00

50 lines
2.3 KiB
Plaintext

---
layout: docs
page_title: GitHub actions
description: >-
Use GitHub action workflow to leverage secrets stored in Vault using vault-action.
---
> [!IMPORTANT]
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
# GitHub actions
Workflows in GitHub Actions can make use of secrets stored in Vault by using a
[`vault-action`](https://github.com/marketplace/actions/hashicorp-vault) step.
## Example
Here is an example `vault-action` step in a workflow:
```yaml
jobs:
build:
# ...
steps:
# ...
- name: Import Secrets
uses: hashicorp/vault-action@v2.4.0
with:
url: https://vault.example.com:8200
token: ${{ secrets.VAULT_TOKEN }}
caCertificate: ${{ secrets.VAULT_CA_CERT }}
secrets: |
secret/data/ci/aws accessKey | AWS_ACCESS_KEY_ID ;
secret/data/ci/aws secretKey | AWS_SECRET_ACCESS_KEY ;
secret/data/ci npm_token
```
This example will authenticate to Vault instance at `https://vault.example.com:8200` with the GitHub secrets defined in
`VAULT_TOKEN` and `VAULT_CA_CERT`, and will add environment variables available for next steps in the workflow:
- The secret at path `secret/data/ci/aws` with the key `accessKey` available in the environment variable `AWS_ACCESS_KEY_ID`
- The secret at path `secret/data/ci/aws` with the key `secretKey` available in the environment variable `AWS_SECRET_ACCESS_KEY`
- The secret at path `secret/data/ci` with the key `npm_token` available in the environment variable `NPM_TOKEN`
## Further information
For more information on using the `vault-action` GitHub Action, visit:
- [Vault GitHub action documentation](https://github.com/marketplace/actions/hashicorp-vault)
- [Vault GitHub actions tutorial](/vault/tutorials/app-integration/github-actions)