rehanann
(Rehanann)
March 16, 2018, 5:11pm
1
Hi,
I am calling SSH keys from HashiCorp Vault in my .drone.yml but it is not able to read the contents.
```yaml
pipeline:
  build:
    secrets: [SSH_KEY, 1, 2, 3]
    environment:
      - SSH_KEY=$SSH_KEY
    commands:
      - echo $SSH_KEY > /root/bastion_user.key
      - chmod 700 /root/bastion_user.key

secrets:
  SSH_KEY:
    path: secret/packer-proxy-users
    value: ssh_key_private_base64
```
And I am able to call these secrets from the command line and use them with drone exec.
```bash
#!/bin/bash
# Fetch the key from Vault only when SSH_KEY is not already set in the environment
if [ -z "$SSH_KEY" ]; then
  SSH_KEY=$(vault read -format=json secret/packer-proxy-user | jq -r '.data.ssh_key_private_base64' | base64 -D)
  export SSH_KEY
fi
SSH_KEY2=$SSH_KEY
drone exec
```
```yaml
environment:
  - SSH_KEY=$SSH_KEY
```
this is not a valid syntax. You can not interpolate environment variables like this. Also note that secrets are automatically injected into the container as environment variables, so you don’t need to set the environment variable.
therefore I’d recommend this change:
secrets: [SSH_KEY, 1, 2, 3]
-environment:
- - SSH_KEY=$SSH_KEY
commands:
- echo $SSH_KEY > /root/bastion_user.key
- chmod 700 /root/bastion_user.key
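Review bot: the `commands` step kept by this hunk (`echo $SSH_KEY > /root/bastion_user.key`) writes the secret verbatim, but the Vault key it is mapped to is named `ssh_key_private_base64` and the poster's own shell script decodes it with `base64 -D`, so the file will hold base64 text rather than a usable key; decode it in the step and quote the expansion so a multi-line value is not word-split, e.g. `echo "$SSH_KEY" | base64 -d > /root/bastion_user.key`. Also prefer `chmod 600` over `700` for a private key file, which needs no execute bit.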
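The recommended change above leaves the step that turns the injected secret into a key file. The script below is an added example, not the poster's script or Drone's code: it shows what that step should do with a base64-encoded private key that Drone injects as an environment variable, writing it with a restrictive umask and mode 0600 and refusing empty, undecodable or non-PEM values. The variable name `SSH_KEY`, the destination path, the `base64 -d` flag (GNU; older macOS `base64` uses `-D`, as in the poster's script) and the fake key used in the demo are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's script or Drone's code): a pipeline step that
# takes the base64-encoded private key Drone injected as an environment
# variable and writes it to a key file with safe permissions. The variable
# name, destination path and sample key below are assumptions for illustration.
set -eu

# write_key_from_b64 VAR_NAME DEST
# Decodes the base64 value held in the environment variable VAR_NAME into
# DEST (mode 0600) and prints DEST. Returns non-zero, leaving no file behind,
# when the variable is unset/empty, is not valid base64, or does not decode
# to a PEM private key.
write_key_from_b64() {
    var_name=$1
    dest=$2
    # Only accept a well-formed variable name before handing it to eval.
    case $var_name in
        ''|*[!A-Za-z0-9_]*) echo "bad variable name: $var_name" >&2; return 1 ;;
    esac
    eval "encoded=\${$var_name:-}"
    if [ -z "$encoded" ]; then
        echo "$var_name is empty: the secret was not injected" >&2
        return 1
    fi
    # Create the file under a restrictive umask so it is never readable by
    # others, even between the redirection and the chmod.
    old_umask=$(umask)
    umask 077
    # Quote the expansion: an unquoted $VAR is word-split and would flatten a
    # multi-line value. GNU base64 takes -d; older macOS base64 uses -D.
    if ! printf '%s\n' "$encoded" | base64 -d > "$dest" 2>/dev/null; then
        umask "$old_umask"
        rm -f "$dest"
        echo "$var_name is not valid base64" >&2
        return 1
    fi
    umask "$old_umask"
    chmod 600 "$dest"
    # ssh only accepts a PEM block; reject anything else (for instance the raw
    # base64 text written by mistake) before a later step tries it on the bastion.
    if ! grep -q 'PRIVATE KEY-----' "$dest"; then
        rm -f "$dest"
        echo "decoded content is not a PEM private key" >&2
        return 1
    fi
    printf '%s\n' "$dest"
}

# Stand-alone demo with a constructed (fake) key so the script runs offline.
demo() {
    SSH_KEY=$(printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'Y29uc3RydWN0ZWQgc2FtcGxlLCBub3QgYSByZWFsIGtleQ==' \
        '-----END OPENSSH PRIVATE KEY-----' | base64)
    export SSH_KEY
    out=$(mktemp)
    write_key_from_b64 SSH_KEY "$out"
    rm -f "$out"
}
demo
```

In a `.drone.yml` `commands` stanza the equivalent one-liner is `echo "$SSH_KEY" | base64 -d > /root/bastion_user.key && chmod 600 /root/bastion_user.key`; the function form above adds the checks that make a missing or mis-mapped secret fail the step loudly instead of producing an unusable key file.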
rehanann
(Rehanann)
March 16, 2018, 5:31pm
3
This is just an example; the original code is like this in .drone.yml:
```yaml
secrets: [ AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID, SSH_KEY, PACKER_CONFLUENCE_PASSWORD ]
```
and I removed SSH_KEY from the environment stanza after your recommendation.
But the issue is still that Drone is not able to access SSH_KEY from Vault when my code is like this in .drone.yml:
```yaml
secrets:
  SSH_KEY:
    path: secret/internal/CI/packer-proxy-user
    value: ssh_key_private_base64
```
I can read the same credentials from the command line as below:
```bash
vault read -format=json secret/internal/CI/packer-proxy-user | jq -r '.data.ssh_key_private_base64' | base64 -D
```
I appreciate your suggestion.
Thanks.
This syntax is not valid.
```yaml
secrets:
  SSH_KEY:
    path: secret/internal/CI/packer-proxy-user
    value: ssh_key_private_base64
```
Instead, if you want to specify the value, you need to make sure you have drone/drone:latest and you need the following syntax:
```yaml
secrets:
  SSH_KEY:
    driver: vault
    driver_opts:
      path: secret/internal/CI/packer-proxy-user
      key: ssh_key_private_base64
```
rehanann
(Rehanann)
March 16, 2018, 6:58pm
5
Vault data is readable as an object (key/value), so I am calling my credentials from Vault and including them in .drone.yml. Is it possible as below?
```
drone/drone:key/value
```
I’m sorry, I’m not sure I understand the question.