Skip to content

support akeyless secrets

What does this MR do?

Adding support to authenticate and fetch secrets from akeyless

Why was this MR needed?

With this feature we will be adding a new CI configuration as such:

job:
  id_tokens:
    AKEYLESS_JWT:
      aud: 'https://gitlab.com'
  secrets:
    DATABASE_PASSWORD:
      token: $AKEYLESS_JWT
      akeyless:
        name: 'my-project-secret'

With this configuration, the job would have the secret retrieved from Akeyless Secret stored in the build variable DATABASE_PASSWORD.

The implementation of the CI config in Rails is in this MR: gitlab!147283 (closed)

What's the best way to test this MR?

  1. Log in to Akeyless https://console.akeyless.io/
  2. Create a new static secret: https://docs.akeyless.io/docs/static-secrets
  3. Create authenticate method of type OAuth2.0/JWT: https://docs.akeyless.io/docs/oauth20jwt
  4. Create a Role to the auth method you created to be able to access the secret: https://docs.akeyless.io/docs/rbac
  5. Set up a GDK environment with this gitlab-runner and gitlab gitlab!147283 (closed)
  6. Use the YAML example I wrote in the description and update the name and the AKEYLESS_ACCESS_ID variable in the CI/CD.
  7. Run the pipeline and see that you got the secret in the build variable DATABASE_PASSWORD.

What are the relevant issue numbers?

Related to gitlab#443305 (closed)

Edited by Amir Maor

Merge request reports

Loading