actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-14 18:13:45 +00:00
Code Activity Actions

Add export Vault Token

Browse source
This commit is contained in:
BERTRAND ZANCO 2020-09-22 09:50:18 +02:00
parent 952d5d48e4
commit 0226ed48d6
3 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -250,6 +250,7 @@ Here are all the inputs available through `with`:
| `authPayload` | The JSON payload to be sent to Vault when using a custom authentication method. | | | | `authPayload` | The JSON payload to be sent to Vault when using a custom authentication method. | | |
| `extraHeaders` | A string of newline separated extra headers to include on every request. | | | | `extraHeaders` | A string of newline separated extra headers to include on every request. | | |
| `exportEnv` | Whether or not export secrets as environment variables. | `true` | | | `exportEnv` | Whether or not export secrets as environment variables. | `true` | |
| `exportToken` | Whether or not export Vault token as environment variables (i.e VAULT_TOKEN). | `false` | |
| `caCertificate` | Base64 encoded CA certificate the server certificate was signed with. | | | | `caCertificate` | Base64 encoded CA certificate the server certificate was signed with. | | |
| `clientCertificate` | Base64 encoded client certificate the action uses to authenticate with Vault when mTLS is enabled. | | | | `clientCertificate` | Base64 encoded client certificate the action uses to authenticate with Vault when mTLS is enabled. | | |
| `clientKey` | Base64 encoded client key the action uses to authenticate with Vault when mTLS is enabled. | | | | `clientKey` | Base64 encoded client key the action uses to authenticate with Vault when mTLS is enabled. | | |

4
action.yml
View file

@ -36,6 +36,10 @@ inputs:
description: 'Whether or not export secrets as environment variables.' description: 'Whether or not export secrets as environment variables.'
default: 'true' default: 'true'
required: false required: false
exportToken:
description: 'Whether or not export Vault token as environment variables.'
default: 'false'
required: false
caCertificate: caCertificate:
description: 'Base64 encoded CA certificate to verify the Vault server certificate.' description: 'Base64 encoded CA certificate to verify the Vault server certificate.'
required: false required: false

6
src/action.js
View file

@ -12,6 +12,7 @@ async function exportSecrets() {
const vaultNamespace = core.getInput('namespace', { required: false }); const vaultNamespace = core.getInput('namespace', { required: false });
const extraHeaders = parseHeadersInput('extraHeaders', { required: false }); const extraHeaders = parseHeadersInput('extraHeaders', { required: false });
const exportEnv = core.getInput('exportEnv', { required: false }) != 'false'; const exportEnv = core.getInput('exportEnv', { required: false }) != 'false';
const exportToken = core.getInput('exportToken', { required: false }) != 'false';
const secretsInput = core.getInput('secrets', { required: true }); const secretsInput = core.getInput('secrets', { required: true });
const secretRequests = parseSecretsInput(secretsInput); const secretRequests = parseSecretsInput(secretsInput);
@ -60,6 +61,11 @@ async function exportSecrets() {
defaultOptions.headers['X-Vault-Token'] = vaultToken; defaultOptions.headers['X-Vault-Token'] = vaultToken;
const client = got.extend(defaultOptions); const client = got.extend(defaultOptions);
if (exportToken) {
command.issue('add-mask', vaultToken);
core.exportVariable('VAULT_TOKEN', `${vaultToken}`);
}
const requests = secretRequests.map(request => { const requests = secretRequests.map(request => {
const { path, selector } = request; const { path, selector } = request;
return request; return request;