vault-action

A helper action for retrieving vault secrets as env vars.

Example Usage

jobs:
    build:
        # ...
        steps:
            # ...
            - name: Import Secrets
              uses: richicoder1/vault-action
              with:
                vaultUrl: https://vault.mycompany.com
                vaultToken: ${{ secrets.VaultToken }}
                keys: |
                    ci/aws accessKey | AWS_ACCESS_KEY_ID ;
                    ci/aws secretKey | AWS_SECRET_ACCESS_KEY ;
                    ci/npm token | NPM_TOKEN
            # ...

Key Syntax

The keys parameter is multiple keys separated by the ; character.

Each key is comprised of the path of they key, and optionally a JSONPath expression and an output name.

{{ Key Path }} > {{ JSONPath Query }} | {{ Output Environment Variable Name }}

Simple Key

To retrieve a key npmToken from path ci that has value somelongtoken from vault you could do:

with:
    keys: ci npmToken

vault-action will automatically normalize the given data key, and output:

NPMTOKEN=somelongtoken

Set Environment Variable Name

However, if you want to set it to a specific environmental variable, say NPM_TOKEN, you could do this instead:

with:
    keys: ci npmToken | NPM_TOKEN

With that, vault-action will now use your requested name and output:

NPM_TOKEN=somelongtoken

Multiple Keys

This action can take multi-line input, so say you had your AWS keys stored in a path and wanted to retrieve both of them. You can do:

with:
    keys: |
        ci/aws accessKey | AWS_ACCESS_KEY_ID ;
        ci/aws secretKey | AWS_SECRET_ACCESS_KEY

Masking

This action uses Github Action's built in masking, so all variables will automatically be masked if printed to the console or to logs.