actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-07 07:06:56 +00:00
Code Activity Actions

docs: add reference

Browse source
This commit is contained in:
Richard Simpson 2020-04-03 12:24:42 -05:00
parent 5a70924133
commit 01bb0f9bc9
2 changed files with 24 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
README.md
View file

@ -18,6 +18,7 @@ By default, this action pulls from [Version 2](https://www.vaultproject.io/docs
- [Adding Extra Headers](#adding-extra-headers) - [Adding Extra Headers](#adding-extra-headers)
- [Vault Enterprise Features](#vault-enterprise-features) - [Vault Enterprise Features](#vault-enterprise-features)
- [Namespace](#namespace) - [Namespace](#namespace)
- [Reference](#reference)
- [Masking - Hidding Secrets from Logs](#masking---hidding-secrets-from-logs) - [Masking - Hidding Secrets from Logs](#masking---hidding-secrets-from-logs)
<!-- /TOC --> <!-- /TOC -->
@ -268,6 +269,22 @@ steps:
ci npm_token ci npm_token
``` ```
## Reference
| Option | Description | Default | Required |
| ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -------- |
| url | The URL for the vault endpoint | | true |
| secrets | A semicolon-separated list of secrets to retrieve. These will automatically be converted to environmental variable keys. See README for more details | | true |
| namespace | The Vault namespace from which to query secrets. Vault Enterprise only, unset by default | | false |
| path | The path of a non-default K/V engine | | false |
| kv-version | The version of the K/V engine to use. | 2 | false |
| method | The method to use to authenticate with Vault. | token | false |
| token | The Vault Token to be used to authenticate with Vault | | false |
| roleId | The Role Id for App Role authentication | | false |
| secretId | The Secret Id for App Role authentication | | false |
| githubToken | The Github Token to be used to authenticate with Vault | | false |
| extraHeaders | A string of newline separated extra headers to include on every request. | | false |
| exportEnv | Whether or not export secrets as environment variables. | true | false |
## Masking - Hidding Secrets from Logs ## Masking - Hidding Secrets from Logs
This action uses GitHub Action's built-in masking, so all variables will automatically be masked (aka hidden) if printed to the console or to logs. This action uses GitHub Action's built-in masking, so all variables will automatically be masked (aka hidden) if printed to the console or to logs.

11
action.yml
View file

@ -1,5 +1,5 @@
name: 'Vault Secrets' name: 'Vault Secrets'
description: 'A Github Action that allows you to consume the v2 K/V backend of HashiCorp Vault as secure environment variables' description: 'A Github Action that allows you to consume the v2 K/V backend of HashiCorp Vault as secure environment variables'
inputs: inputs:
url: url:
description: 'The URL for the vault endpoint' description: 'The URL for the vault endpoint'
@ -14,10 +14,12 @@ inputs:
description: 'The path of a non-default K/V engine' description: 'The path of a non-default K/V engine'
required: false required: false
kv-version: kv-version:
description: 'The version of the K/V engine to use. Default: 2' description: 'The version of the K/V engine to use.'
default: '2'
required: false required: false
method: method:
description: 'The method to use to authenticate with Vault. Default: token' description: 'The method to use to authenticate with Vault.'
default: 'token'
required: false required: false
token: token:
description: 'The Vault Token to be used to authenticate with Vault' description: 'The Vault Token to be used to authenticate with Vault'
@ -35,7 +37,8 @@ inputs:
description: 'A string of newline separated extra headers to include on every request.' description: 'A string of newline separated extra headers to include on every request.'
required: false required: false
exportEnv: exportEnv:
description: 'Whether or not export secrets as environment variables. Default: true' description: 'Whether or not export secrets as environment variables.'
default: 'true'
required: false required: false
runs: runs:
using: 'node12' using: 'node12'