So me and colleague are trying to get the vault feature going with drone. Looks like we’re almost there but secrets aren’t being fetched as expected. This is our docker-compose file that we’re using to prototype this which includes a vault instance as well.
yes, it would be helpful to see the .drone.yml configuration file that you are using. The .drone.yml file should define the secrets that are fetched from the vault plugin. Seeing the yaml configuration should help triage this further.
I second the described problem. I’ve tried to setup Vault plugin, and was unsuccessful as well. I spend a little bit of time looking for the environment variables specified in the documentation: DRONE_SECRET_ENDPOINT and DRONE_SECRET_SECRE, but I wasn’t able to find all of them - only the DRONE_SECRET_ENDPOINT is used to init secret-service config parameter here. And, as far as I understand, after the initialization, this config parameter is ignored.
I’m not a Go developer, so I definitely may miss some Go-magic, but for me, it looks like that you cannot use this plugin, due to the fact that Drone Agent never tries to connect to the Drone-Vault plugin instance.
the source code for the Drone 1.0 has not been released yet, which is why you are unable to find the corresponding code. In terms of difficulty getting things working, we are at the point where we need sample agent logs, sample agent configurations, and sample yaml files to proceed (the first two items have been provided in this thread, but I am waiting on the latter).
It is also possible the vault plugin’s Docker image is outdated and needs to be re-built to work with the latest release candidate due to some internal changes. I will force-publish a new image over the weekend.
I just wanted to point out though, my test that I listed above is using the “drone plugin secret get” cli command, shouldn’t I be able to do it with the cli before trying it in a build job?
yes you should. I have a feeling the drone/vault image is outdated which is the root cause of the problem. I seem to remember testing locally with the raw binary compiled from source, which also points to a problem with the docker image. I will build and publish the image and then test locally and let you know what I find.
The new image seems still not work, but the main problem is lack of debug messages and method for trouble shooting. drone-vault and drone-agent print nothing. I think it’s useful if drone-vault and drone-agent shoud print any message when encountered problems.