Skip to content

sims-security/drone-vault

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
docker
docker
 
 
licenses
licenses
 
 
plugin
plugin
 
 
scripts
scripts
 
 
.drone.yml
.drone.yml
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

drone-vault-extension

A secret extension that provides optional support for sourcing secrets from Vault. Please note this project requires Drone server version 1.3 or higher.

Installation

Create a shared secret:

$ openssl rand -hex 16
bea26a2221fd8090ea38720fc445eca6

Download and run the plugin:

$ docker run -d \
  --publish=3000:3000 \
  --env=DRONE_DEBUG=true \
  --env=DRONE_SECRET=bea26a2221fd8090ea38720fc445eca6 \
  --env=VAULT_ADDR=... \
  --env=VAULT_TOKEN=... \
  --restart=always \
  --name=drone-vault drone/vault

Using approle authentication:

$ docker run -d \
  --publish=3000:3000 \
  --env=DRONE_DEBUG=true \
  --env=DRONE_SECRET=bea26a2221fd8090ea38720fc445eca6 \
  --env=VAULT_ADDR=... \
  --env=VAULT_AUTH_TYPE=approle \
  --env=VAULT_TOKEN_TTL=72h
  --env=VAULT_TOKEN_RENEWAL=24h
  --env=VAULT_APPROLE_ID=... \
  --env=VAULT_APPROLE_SECRET=... \
  --restart=always \
  --name=drone-vault drone/vault

Update your runner configuration to include the plugin address and the shared secret.

DRONE_SECRET_PLUGIN_ENDPOINT=http://1.2.3.4:3000
DRONE_SECRET_PLUGIN_TOKEN=bea26a2221fd8090ea38720fc445eca6

About

Drone plugin for integrating with the Vault secrets manager

docs.drone.io/configure/secrets/external/vault/

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • Go 99.1%
  • Shell 0.9%