diff --git a/README.md b/README.md
index 1c18702bb9f930ca527e00b536f36c3b467c20dd..ca215d94f080a0c97461253c884df4e90d767411 100644
--- a/README.md
+++ b/README.md
@@ -518,6 +518,7 @@ In order to be able to communicate with the Vault server, the variant requires t

 | Name | Description | Default value |
 | ----------------- | -------------------------------------- | ----------------- |
+| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master` |
 | `VAULT_BASE_URL` | The Vault server base API url | _none_ |
 | :lock: `VAULT_ROLE_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |
 | :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | **must be defined** |
diff --git a/kicker.json b/kicker.json
index c9a7106a281661265eadec4eab90c43628c97b0e..e6a8edaed32fef909cc8035ff4e2c5e28a60244c 100644
--- a/kicker.json
+++ b/kicker.json
@@ -206,6 +206,12 @@
 "description": "Retrieve secrets from a [Vault](https://www.vaultproject.io/) server",
 "template_path": "templates/gitlab-ci-docker-vault.yml",
 "variables": [
+ {
+ "name": "TBC_VAULT_IMAGE",
+ "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
+ "default": "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master",
+ "advanced": true
+ },
 {
 "name": "VAULT_BASE_URL",
 "description": "The Vault server base API url",
diff --git a/templates/gitlab-ci-docker-vault.yml b/templates/gitlab-ci-docker-vault.yml
index 7d4f94d39072aaa1aad9574c18561fcbd727852b..753ad78fa882b763b77e662412ac8deea3b1491e 100644
--- a/templates/gitlab-ci-docker-vault.yml
+++ b/templates/gitlab-ci-docker-vault.yml
@@ -2,6 +2,8 @@
 # === Vault template variant
 # =====================================================================================================================
 variables:
+ # variabilized vault-secrets-provider image
+ TBC_VAULT_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master"
 # variables have to be explicitly declared in the YAML to be exported to the service
 VAULT_ROLE_ID: "$VAULT_ROLE_ID"
 VAULT_SECRET_ID: "$VAULT_SECRET_ID"
@@ -10,5 +12,5 @@ variables:
 services:
 - name: "$TBC_TRACKING_IMAGE"
 command: ["--service", "docker", "3.4.0"]
- - name: "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master"
+ - name: "$TBC_VAULT_IMAGE"
 alias: "vault-secrets-provider"
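Review bot: The default for `TBC_VAULT_IMAGE` in the first hunk still points at the mutable `:master` tag, and the second hunk runs that image as the `vault-secrets-provider` service, which per the comment in this file is handed `VAULT_ROLE_ID` and `VAULT_SECRET_ID`. Whatever `master` resolves to when the pipeline starts therefore receives the AppRole credentials; pinning the default to a release tag or digest would close that, e.g. `TBC_VAULT_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider@sha256:<digest-placeholder>"`. Because the image is now overridable, I would also replace the comment with `# vault-secrets-provider image; it receives the Vault AppRole credentials, so override only with a trusted, pinned image`. Both the `variables:` and `services:` blocks may continue outside the hunks.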