»GitHub Actions

Workflows in GitHub Actions can make use of secrets stored in Vault by using a vault-action step.

»Example

Here is an example vault-action step in a workflow:

jobs:
    build:
        # ...
        steps:
            # ...
            - name: Import Secrets
              uses: hashicorp/vault-action@v2.4.0
              with:
                url: https://vault.example.com:8200
                token: ${{ secrets.VAULT_TOKEN }}
                caCertificate: ${{ secrets.VAULT_CA_CERT }}
                secrets: |
                    secret/data/ci/aws accessKey | AWS_ACCESS_KEY_ID ;
                    secret/data/ci/aws secretKey | AWS_SECRET_ACCESS_KEY ;
                    secret/data/ci npm_token

jobs:
    build:
        # ...
        steps:
            # ...
            - name: Import Secrets
              uses: hashicorp/vault-action@v2.4.0
              with:
                url: https://vault.example.com:8200
                token: ${{ secrets.VAULT_TOKEN }}
                caCertificate: ${{ secrets.VAULT_CA_CERT }}
                secrets: |
                    secret/data/ci/aws accessKey | AWS_ACCESS_KEY_ID ;
                    secret/data/ci/aws secretKey | AWS_SECRET_ACCESS_KEY ;
                    secret/data/ci npm_token

This example will authenticate to Vault instance at https://vault.example.com:8200 with the GitHub secrets defined in VAULT_TOKEN and VAULT_CA_CERT, and will add environment variables available for next steps in the workflow:

• The secret at path secret/data/ci/aws with the key accessKey available in the environment variable AWS_ACCESS_KEY_ID
• The secret at path secret/data/ci/aws with the key secretKey available in the environment variable AWS_SECRET_ACCESS_KEY
• The secret at path secret/data/ci with the key npm_token available in the environment variable NPM_TOKEN

»Further Information

For more information on using the vault-action GitHub Action, visit:

• vault-secrets GitHub action documentation
• Vault GitHub actions tutorial