Giter Site home page Giter Site logo

gin-vals's Introduction

Accessing external Secrets in Gitlab CI

There are times when you want to access your existing credentials from a secure location, like Vault by HashiCorp, AWS or some other big Cloud provider but your current CI Image does not have the necessary SDK installed or means to retrieve them. Maintaining them a second time as Gitlab Variables or accessing them in a previous job should not be done and is considered insecure for many reasons. That is why I created Gin Vals. Simply run Gin Vals as an Service and make a Web Request to the service.

Concept

As the name describes Gin Vals combines to simple GO dependencies to create a slim and easy solution for most providers. Vals by Variantdev is a tool for managing configuration values and secrets for the major cloud providers and other technologies. Now we simply need to make it accessible via REST with the Gin Web Framework.

Usage

Because we are using Vals as our configuration and secrets tool, we can simply refer to its documentation:

  • Vault: ref+vault://PATH/TO/KVBACKEND%23/fieldkey
  • AWS Secrets Manager: ref+awssecrets://PATH/TO/SECRET%23/fieldkey
  • GCP Secrets Manager: ref+gcpsecrets://PROJECT/SECRET
  • and many more...

I will use the simple echo method to display some possible methods of using Gin Vals.

Simple single value GET request

The easiest way is to just retrieve one secret via GET. Add the Vals string as path and you should be able to get your secret value into a variable.

test:
  image: bitnami/bitnami-shell:latest
  services:
    - name: patrickdomnick/gin-vals:latest
      alias: ginvals
  script:
    - export secret=$(curl -X GET "http://ginvals:9090/ref+echo://foo/bar")
    - echo secret

Simple single value POST request

The more advanced method would be to retrieve many secrets at once as a json object. From here we could parse the data with tools like jq depending on the main image you are using.

test:
  image: bitnami/bitnami-shell:latest
  services:
    - name: patrickdomnick/gin-vals:latest
      alias: ginvals
  script:
    - export secretJson=$(curl -H 'Content-Type: application/json' -d '{"foo": "ref+echo://foo/bar","bar": "ref+echo://bar/foo"}' -X POST "http://ginvals:9090")

Changing the default Port

Set Environment Variable GINVALS_PORT to a Port-Number of your choosing. Will default to 9090.

Roadmap

  • Improved Automated Testing
  • Improve Documentation

Contribution

TODO

Authors and acknowledgment

License

Apache License

gin-vals's People

Contributors

semantic-release-bot avatar henrysachs avatar

Watchers

Patrick Domnick avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.