Hashicorp vault as secret storage integration

[Savemech]

Clear and concise description of the problem

Hi there, that would be awesome if secrets would be pullable from Hashicorp Vault, by integration like this

Suggested solution

by this https://docs.gitlab.com/ee/ci/secrets/index.html#configure-your-vault-server
and that https://docs.gitlab.com/ee/ci/secrets/index.html#use-vault-secrets-in-a-ci-job

Alternative

wrapping stuff in bash, that's sad and nasty, because woodpecker does not treat it as concealed string, and secrets gets leaked
import this onto woodpecker plugin system

Additional context

https://www.hashicorp.com/resources/securing-your-ci-pipeline-with-vault

Validations

• Read the Contributing Guidelines.
• Read the docs.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

[anbraten]

#915 will allow to set an endpoint for an external secrets provider which could be serving secrets from hashicorp vault.

[Savemech]

That's awesome, thanks folks!

[pat-s]

I've also did some research on this just now and came across the official drone-vault extension. Probably #915 is needed for this in the first place?

Here are some additional materials:

• https://blog.drone.io/drone-vault-secrets/
• https://github.com/drone/drone-vault

[vincentDcmps]

Hi
I'am thinking to migrate from drone to woodpecker :)
does somebody already have tested drone-vault-secret with woodpecker?