issue #172: vault integration

ai-cfia · Dec 6, 2024 · 8163a98 · 8163a98
1 parent 7d1f7c7
commit 8163a98
Showing 1 changed file with 3 additions and 13 deletions.
diff --git a/.github/workflows/workflow-detect-secret-leaks.yml b/.github/workflows/workflow-detect-secret-leaks.yml
@@ -16,32 +16,22 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v3
 
-      - name: Authenticate with Vault using GitHub OIDC
-        id: vault_auth
+      # https://github.com/hashicorp/vault-action?tab=readme-ov-file#multiple-secrets
+      # https://github.com/hashicorp/vault-action?tab=readme-ov-file#example-usage
+      - name: Authenticate with Vault using GitHub OIDC and retrieve secrets
         uses: hashicorp/[email protected]
         with:
           url: http://vault.vault.svc.cluster.local:8200
           caCertificate: ${{ secrets.VAULT_CA_CERT }}
           method: github
           githubToken: ${{ secrets.VAULT_TOKEN }}
-
-      # https://github.com/hashicorp/vault-action?tab=readme-ov-file#multiple-secrets
-      - name: Retrieve secrets from Vault
-        id: get_secrets
-        uses: hashicorp/[email protected]
-        with:
-          url: ${{ secrets.VAULT_ADDR }}
-          method: jwt
-          role: github-actions
           secrets: |
             secret/kv/fertiscan/frontend * | API_KEY_ ;
             secret/kv/fertiscan/frontend * | API_KEY_ ;
             secret/kv/fertiscan/database * | API_KEY_ ;
             secret/kv/fertiscan-dev * | API_KEY_ ;
             secret/kv/nachet * | API_KEY_ ;
             secret/kv/finesse * | API_KEY_
-        env:
-          VAULT_TOKEN: ${{ steps.vault_auth.outputs.vault_token }}
 
       - name: Install git-secrets
         run: |