To store secret files (certs, secrets, keys, etc.) within CircleCI, one can use Akeyless Vault as a third-party secret storage solution.
You need to have an existing repo that is followed by CircleCI (in our example it’s named TestRepo):
- Set up global configuration in your CircleCI project
a. Go into Project Settings:
b. Go into Environment Variables to set up global configuration:
In our example, you would need to configure the following environment variables:
Similarly, you can set your admin_email and admin_password as environment variables:
- Create/update your config.yml file for CircleCI (should be in .circleci/config.yml).
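```yaml
version: 2.1
jobs:
  build:
    docker:
      - image: akeyless/ci_base
    environment:
      # Values prefixed with akeyless:// are references to secrets stored in Akeyless
      mysecret: akeyless://MySecret1
      demo_secret: akeyless://api-gw
      BASH_ENV: ~/.akeyless/akeyless_env.sh
    steps:
      - checkout # check out the code in the project directory
      - run:
          name: Authenticate to Akeyless
          # Variables are quoted so values containing spaces or shell metacharacters are passed intact
          command: akeyless auth --admin-email "$admin_email" --admin-password "$admin_password"
      - run:
          name: Fetch Akeyless secrets
          # Prints the fetched values to the build log
          command: echo "mysecret=[$mysecret]" && echo "demo_secret=[$demo_secret]"
```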
In this example, we used email and password authentication to fetch different secrets:
- /api-gw

Those secrets are injected into environment variables.
You can choose any Authentication Method. Please make sure this Authentication Method has access to your secret.
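The `echo` commands in the "Fetch Akeyless secrets" step write the secret values to the build log. The check below is an added example, not part of the Akeyless documentation: it confirms that each variable was resolved without printing its value. It assumes that a variable which was not resolved is unset, empty, or still holds its literal `akeyless://` reference from config.yml; `check_resolved` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the Akeyless docs): confirm that secret-backed
# environment variables were resolved, without logging their values.
# Assumption: an unresolved variable is unset, empty, or still contains
# the literal akeyless:// reference written in config.yml.

# check_resolved NAME... -> returns 0 only if every named variable is resolved
check_resolved() {
    _cr_rc=0
    for _cr_name in "$@"; do
        # Accept only valid variable names before handing them to eval.
        case "$_cr_name" in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "invalid variable name" >&2
                _cr_rc=1
                continue ;;
        esac
        eval "_cr_val=\${$_cr_name-}"
        case "$_cr_val" in
            '')
                echo "$_cr_name: not set" >&2
                _cr_rc=1 ;;
            akeyless://*)
                echo "$_cr_name: still an unresolved akeyless:// reference" >&2
                _cr_rc=1 ;;
            *)
                # Report the length only, never the value itself.
                echo "$_cr_name: resolved (${#_cr_val} characters)" ;;
        esac
    done
    unset _cr_val _cr_name
    return "$_cr_rc"
}

# Constructed sample values standing in for what the job shell would see.
mysecret='constructed-value'      # resolved
demo_secret='akeyless://api-gw'   # reference left unresolved
check_resolved mysecret demo_secret || echo "unresolved secrets found" >&2
```

In a pipeline step, `check_resolved mysecret demo_secret || exit 1` fails the job when a reference was not resolved.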
Example 2 - supporting Zero Trust Encryption with a customer fragment:
Go into Environment Variables to set up global configuration:
In our example, you would need to configure the following environment variable:
If you have your own Akeyless Gateway set up, set the URL for the RESTful API; otherwise you can use the Akeyless Public Gateway with the following URL:
- Pipeline will be triggered and you'll be able to view your build: