Commit

Enhanced "Example Usage" section (#435)
+added documentation on how to use the retrieved secrets
+ added an example of converting the vault-action outputs to json
* fix e2e test setup
maxcoulombe authored Mar 2, 2023
1 parent 256bfb9 commit 3a9100e
Showing 2 changed files with 35 additions and 1 deletion.
34 changes: 34 additions & 0 deletions README.md
Expand Up @@ -44,6 +44,7 @@ jobs:
steps:
# ...
- name: Import Secrets
id: import-secrets
uses: hashicorp/vault-action@v2
with:
url: https://vault.mycompany.com:8200
Expand All @@ -56,6 +57,39 @@ jobs:
# ...
```

Retrieved secrets are available as environment variables or outputs for subsequent steps:
```yaml
#...
- name: Step following 'Import Secrets'
run: |
ACCESS_KEY_ID = "${{ env.AWS_ACCESS_KEY_ID }}"
SECRET_ACCESS_KEY = "${{ steps.import-secrets.outputs.AWS_SECRET_ACCESS_KEY }}"
# ...
```

If your project needs a format other than env vars and step outputs, you can use additional steps to transform them into the desired format.
For example, a common pattern is to save all the secrets in a JSON file:
```yaml
#...
- name: Step following 'Import Secrets'
run: |
touch secrets.json
echo "${{ toJson(steps.import-secrets.outputs) }}" >> secrets.json
# ...
```

Which with our example would yield a file containing:
```json
{
"ACCESS_KEY_ID": "MY_KEY_ID",
"SECRET_ACCESS_KEY": "MY_SECRET_KEY",
"NPM_TOKEN": "MY_NPM_TOKEN"
}
```

Note that all secrets are masked so programs need to read the file themselves otherwise all values will be replaced with a `***` placeholder.


## Authentication Methods

Consider using a [Vault authentication method](https://www.vaultproject.io/docs/auth) such as the JWT auth method with
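Review bot: In the "save all the secrets in a JSON file" step, `echo "${{ toJson(steps.import-secrets.outputs) }}" >> secrets.json` pastes the JSON text into a double-quoted shell string, so the double quotes inside the JSON terminate the string early and the file will not contain the object shown in the sample output. Pass the expression through the step's `env:` block (for example as a variable named `SECRETS_JSON`, a name chosen here) and write it with `printf '%s' "$SECRETS_JSON" > secrets.json`, which also keeps the secret values out of the generated script text. In the first example, `ACCESS_KEY_ID = "..."` has spaces around `=`, which a shell runs as a command rather than an assignment. The sample output lists `ACCESS_KEY_ID` and `SECRET_ACCESS_KEY` while the preceding step reads `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, so the names should be made consistent. Because this pattern writes every secret to the workspace in plain text, the closing note should also tell readers to restrict the file's permissions and delete it before the job ends.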
2 changes: 1 addition & 1 deletion integrationTests/e2e/setup.js
@@ -1,7 +1,7 @@
const got = require('got');

const vaultUrl = `${process.env.VAULT_HOST}:${process.env.VAULT_PORT}`;
const vaultToken = `${process.env.VAULT_TOKEN || 'testtoken'}`
const vaultToken = `${process.env.VAULT_TOKEN}` === undefined ? `${process.env.VAULT_TOKEN}` : "testtoken";

(async () => {
try {
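Review bot: The new `vaultToken` line compares a template literal with `undefined`, and a template literal is always a string (an unset variable becomes the text "undefined"), so the condition is never true and `vaultToken` is always "testtoken", ignoring any `VAULT_TOKEN` set in the environment. The branches are also inverted: had the comparison matched, the line would have returned the unset value instead of the fallback. Use `process.env.VAULT_TOKEN || 'testtoken'` without the template literal, or `process.env.VAULT_TOKEN ?? 'testtoken'` if an empty string should be passed through unchanged.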