actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-11 00:56:54 +00:00
Code Activity Actions

docs: some small formatting and doc changes

Browse source
This commit is contained in:
Richard Simpson 2020-02-03 21:28:43 -06:00
parent a144d7cbe0
commit 44b0828093
2 changed files with 17 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
README.md
View file

@ -1,6 +1,8 @@
# vault-action # vault-action
A helper action for easily pulling secrets from a K/V backend of vault. A helper action for easily pulling secrets from the K/V backend of vault.
Expects [Version 2](https://www.vaultproject.io/docs/secrets/kv/kv-v2/) of the KV Secrets Engine by default.
## Example Usage ## Example Usage
@ -39,7 +41,7 @@ with:
url: https://vault.mycompany.com:8200 url: https://vault.mycompany.com:8200
method: approle method: approle
roleId: ${{ secrets.roleId }} roleId: ${{ secrets.roleId }}
secretId : ${{ secrets.secretId }} secretId: ${{ secrets.secretId }}
``` ```
## Key Syntax ## Key Syntax
@ -97,22 +99,21 @@ with:
By default, `vault-action` expects a K/V engine using [version 2](https://www.vaultproject.io/docs/secrets/kv/kv-v2.html). By default, `vault-action` expects a K/V engine using [version 2](https://www.vaultproject.io/docs/secrets/kv/kv-v2.html).
In order to work with a v1 engine, the `kv-version` parameter may be passed: In order to work with a [v1 engine](https://www.vaultproject.io/docs/secrets/kv/kv-v1/), the `kv-version` parameter may be passed:
```yaml ```yaml
with: with:
kv-version: 1 kv-version: 1
``` ```
### Custom Engine Name ### Custom Engine Path
Vault comes with a default engine named `secret`, so a secret named `ci` will be When you enable the K/V Engine, by default it's placed at the path `secret`, so a secret named `ci` will be accessed from `secret/ci`. However, [if you enabled the secrets engine using a custom `path`](https://www.vaultproject.io/docs/commands/secrets/enable/#inlinecode--path-4), you
accessed from `secret/ci`. However, if you are using a custom named engine, you
can pass it as follows: can pass it as follows:
```yaml ```yaml
with: with:
engine-name: my-secrets path: my-secrets
secrets: ci npmToken secrets: ci npmToken
``` ```

18
action.js
View file

@ -7,7 +7,7 @@ async function exportSecrets() {
const vaultUrl = core.getInput('url', { required: true }); const vaultUrl = core.getInput('url', { required: true });
const vaultNamespace = core.getInput('namespace', { required: false }); const vaultNamespace = core.getInput('namespace', { required: false });
let engineName = core.getInput('engine-name', { required: false }); let enginePath = core.getInput('path', { required: false });
let kvVersion = core.getInput('kv-version', { required: false }); let kvVersion = core.getInput('kv-version', { required: false });
const secretsInput = core.getInput('secrets', { required: true }); const secretsInput = core.getInput('secrets', { required: true });
@ -47,16 +47,16 @@ async function exportSecrets() {
break; break;
} }
if (!engineName){ if (!enginePath) {
engineName = 'secret'; enginePath = 'secret';
} }
if (!kvVersion){ if (!kvVersion) {
kvVersion = '2'; kvVersion = '2';
} }
if (kvVersion !== '1' && kvVersion !== '2') { if (kvVersion !== '1' && kvVersion !== '2') {
throw Error(`You must provide a valid K/V version. Input: "${kvVersion}"`); throw Error(`You must provide a valid K/V version (1 or 2). Input: "${kvVersion}"`);
} }
kvVersion = parseInt(kvVersion); kvVersion = parseInt(kvVersion);
@ -148,14 +148,14 @@ function parseResponse(responseBody, kvVersion) {
let secretData; let secretData;
switch(kvVersion) { switch(kvVersion) {
case 1: case 1: {
secretData = parsedResponse.data; secretData = parsedResponse.data;
break; } break;
case 2: case 2: {
const vaultKeyData = parsedResponse.data; const vaultKeyData = parsedResponse.data;
secretData = vaultKeyData.data; secretData = vaultKeyData.data;
break; } break;
} }
return secretData; return secretData;