From 733987eab2182e5daed6447724bc3ff323ff7361 Mon Sep 17 00:00:00 2001
From: Michele Brambilla <michele.brambilla@cscs.ch>
Date: Mon, 22 Apr 2024 13:09:53 +0000
Subject: [PATCH] Use VAULT_ID_TOKEN to authenticate pipeline

---
 .gitlab-ci.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index cc7e5db1..ff12f115 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -25,8 +25,11 @@ get_credentials:
   tags:
     - Fulen
     - K8s
+  id_tokens:
+    VAULT_ID_TOKEN:
+      aud: https://git.cscs.ch
   script:
-    - export VAULT_TOKEN="$(vault write -field=token auth/jwt/login role=iam jwt=$CI_JOB_JWT)"
+    - export VAULT_TOKEN="$(vault write -field=token auth/jwt_idtoken/login role=iam jwt=$VAULT_ID_TOKEN)"
     - if [[ ${#VAULT_TOKEN} -lt 3 ]]; then echo "ERROR, Vault token empty"; exit 1; fi
     - export JFROG_USER="$(vault kv get -field=JFROG_USER $VAULT_PATH)"
     - export JFROG_TOKEN="$(vault kv get -field=JFROG_TOKEN $VAULT_PATH)"