CircleCI Plugin
In order to store secret files (certs, secrets, keys, etc.), within CircleCI, one can can use Akeyless Vault as a third-party secret storage solution.
Prerequsites
You need to have an existing repo that is followed by CircleCI (in our example it’s named TestRepo):
Configuration
- Setup global configuration in your CircleCI project
a. Go into Project Settings:
b. Go into Environment Variables to setup global configuration:
In our example, you would need to configure the following environment variables:
- access_id
- access_key
Similarly, you can set your admin_email and admin_password as environment variables:
- Create/update your config.yml file for CircleCI (should be in .circleci/config.yml).
Example 1
version: 2.1
jobs:
build:
docker:
- image: akeyless/ci_base
environment:
mysecret: akeyless://MySecret1
demo_secret: akeyless://api-gw
BASH_ENV: ~/.akeyless/akeyless_env.sh
steps:
- checkout # check out the code in the project directory
- run:
name: Authenticate to Akeyless
command: akeyless auth --admin-email $admin_email --admin-password $admin_password
- run:
name: Fetch Akeyless secrets
command: echo "mysecret=[$mysecret]" && echo "demo_secret=[$demo_secret]"
In this example, we used email and password authentication to fetch different secrets: /MySecret1 and
/api-gw those secrets are being injected into environment variables mysecret
and demo-secret accordingly.
Note:
You can choose any Authentication Method. Please make sure this Authentication Method have access to your secret.
Example 2 - supporting Zero Trust Encryption with a customer fragment:
Go into Environment Variables to setup global configuration:
In our example, you would need to configure the following environment variable:
- AKEYLESS_API_GW_URL
If you have your own Akeyless Gateway setup - set the URL for the Restful API, otherwise you can use Akeyless Public Gateway with the following URL:
https://rest.akeyless.io
- Pipeline will be triggered and you'll be able to view your build:
Updated 2 months ago