diff options
Diffstat (limited to 'doc/ci/examples/authenticating-with-hashicorp-vault/index.md')
-rw-r--r-- | doc/ci/examples/authenticating-with-hashicorp-vault/index.md | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/ci/examples/authenticating-with-hashicorp-vault/index.md b/doc/ci/examples/authenticating-with-hashicorp-vault/index.md index 40ba7cff5f9..fc1e06e91c6 100644 --- a/doc/ci/examples/authenticating-with-hashicorp-vault/index.md +++ b/doc/ci/examples/authenticating-with-hashicorp-vault/index.md @@ -50,6 +50,7 @@ The JWT's payload looks like this: "user_login": "myuser" # GitLab @username "user_email": "myuser@example.com", # Email of the user executing the job "pipeline_id": "1212", # + "pipeline_source": "web", # Pipeline source, see: https://docs.gitlab.com/ee/ci/yaml/#common-if-clauses-for-rules "job_id": "1212", # "ref": "auto-deploy-2020-04-01", # Git ref for this job "ref_type": "branch", # Git ref type, branch or tag @@ -202,6 +203,10 @@ read_secrets: - export PASSWORD="$(vault kv get -field=password secret/myproject/production/db)" ``` +NOTE: +If you're using a Vault instance provided by HashiCorp Cloud Platform, +you need to export the `VAULT_NAMESPACE` variable. Its default value is `admin`. + ![read_secrets staging](img/vault-read-secrets-staging.png) The following job is able to authenticate using the `myproject-production` role and read secrets under `/secret/myproject/production/`: |