From 01bb0f9bc9fb9a2d619f69936458ee934a3bbde2 Mon Sep 17 00:00:00 2001 From: Richard Simpson Date: Fri, 3 Apr 2020 12:24:42 -0500 Subject: [PATCH] docs: add reference --- README.md | 17 +++++++++++++++++ action.yml | 11 +++++++---- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 478f6fa..ee95e6c 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,7 @@ By default, this action pulls from [Version 2](https://www.vaultproject.io/docs - [Adding Extra Headers](#adding-extra-headers) - [Vault Enterprise Features](#vault-enterprise-features) - [Namespace](#namespace) +- [Reference](#reference) - [Masking - Hidding Secrets from Logs](#masking---hidding-secrets-from-logs) @@ -268,6 +269,22 @@ steps: ci npm_token ``` +## Reference +| Option | Description | Default | Required | +| ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -------- | +| url | The URL for the vault endpoint | | true | +| secrets | A semicolon-separated list of secrets to retrieve. These will automatically be converted to environmental variable keys. See README for more details | | true | +| namespace | The Vault namespace from which to query secrets. Vault Enterprise only, unset by default | | false | +| path | The path of a non-default K/V engine | | false | +| kv-version | The version of the K/V engine to use. | 2 | false | +| method | The method to use to authenticate with Vault. | token | false | +| token | The Vault Token to be used to authenticate with Vault | | false | +| roleId | The Role Id for App Role authentication | | false | +| secretId | The Secret Id for App Role authentication | | false | +| githubToken | The Github Token to be used to authenticate with Vault | | false | +| extraHeaders | A string of newline separated extra headers to include on every request. | | false | +| exportEnv | Whether or not export secrets as environment variables. | true | false | + ## Masking - Hidding Secrets from Logs This action uses GitHub Action's built-in masking, so all variables will automatically be masked (aka hidden) if printed to the console or to logs. diff --git a/action.yml b/action.yml index ac882f1..9c1d7a9 100644 --- a/action.yml +++ b/action.yml @@ -1,5 +1,5 @@ name: 'Vault Secrets' -description: 'A Github Action that allows you to consume the v2 K/V backend of HashiCorp Vault as secure environment variables' +description: 'A Github Action that allows you to consume the v2 K/V backend of HashiCorp Vaultâ„¢ as secure environment variables' inputs: url: description: 'The URL for the vault endpoint' @@ -14,10 +14,12 @@ inputs: description: 'The path of a non-default K/V engine' required: false kv-version: - description: 'The version of the K/V engine to use. Default: 2' + description: 'The version of the K/V engine to use.' + default: '2' required: false method: - description: 'The method to use to authenticate with Vault. Default: token' + description: 'The method to use to authenticate with Vault.' + default: 'token' required: false token: description: 'The Vault Token to be used to authenticate with Vault' @@ -35,7 +37,8 @@ inputs: description: 'A string of newline separated extra headers to include on every request.' required: false exportEnv: - description: 'Whether or not export secrets as environment variables. Default: true' + description: 'Whether or not export secrets as environment variables.' + default: 'true' required: false runs: using: 'node12'