I am using Drone 0.8 enterprise edition and trying to publish a container to a private registry for testing. The trigger for this step is a pull request and my secret is stored in Vault but my username is not. I understand that secrets are not made available for pull requests by default but this can be changed via the CLI. I also realized that the docs describe how to enable a secret to be used for pull requests only if that secret is stored within Drone and not Vault. Is there any way to enable a secret stored in Vault to be used when triggered by pull requests?
The step that gets triggered by the pull request is as shown below (with some identifying info removed):

    build-test-image:
      when:
        event: [ pull_request ]
      image: plugins/docker:17.05
      registry: docker.example.com
      repo: docker.example.com/app/repo
      dockerfile: Dockerfile
      tags:
        - "b${DRONE_BUILD_NUMBER}-${DRONE_COMMIT:0:8}"
      username: myusername
      secrets:
        - source: artifactory_password
          target: docker_password

The secrets section is as follows:

    secrets:
      ...
      artifactory_password:
        path: secret/shared/tap/drone-secrets/yadayada

I assume my credentials are not being passed to the container because when the step above runs and fails I see the following line in the output:
Registry credentials not provided. Guest mode enabled.
Is there anything I am missing?