CI Secrets vault usage instrumentation with Snowplow
What does this MR do and why?
This MR adds Snowplow instrumentation to track the usage of secrets: (vault integration) in the CI pipeline.
The instrumentation works by tracking the event when a pipeline Build job is created with secrets defined. This Snowplow metric is a mirror of the existing Service Ping RedisHLL metric with key_path: redis_hll_counters.ci_secrets_management.i_ci_secrets_management_vault_build_created_monthly
This MR resolves Instrument tracking for Secrets usage using Sno... (#388838 - closed). A similar MR for id_tokens was previously merged; it implements the same tracking method.
How to set up and validate locally
- secrets: is a Premium feature, so ensure your local instance is licensed.
- Configure your GDK to run Snowplow Micro.
- Go to http://gdk.test:9091/micro/good to observe the events being tracked.
- Go to your Project's CI/CD Editor and update the contents with the following:
    job_with_secrets:
      secrets:
        MY_SECRET:
          vault: production/db/password
      script:
        - echo 'test'
- Commit the changes and run the pipeline. Note that the job will fail (unless you have a valid vault set up locally). Refresh http://gdk.test:9091/micro/good and observe that an event appears with the se_action value create_secrets_vault.
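An added example, not part of this MR: a Ruby script that automates the last validation step by filtering the /micro/good output for the create_secrets_vault action, and additionally checks that the tracked events do not carry the secret's variable name or vault path from the sample job. It assumes Snowplow Micro returns a JSON array with each enriched event under an "event" key; the sample payload, the se_category value, the SNOWPLOW_MICRO_GOOD_URL variable and the helper names are constructed for illustration.

```ruby
require 'json'
require 'net/http'
require 'uri'

# Values taken from the MR's validation steps.
EXPECTED_ACTION = 'create_secrets_vault'
SENSITIVE_STRINGS = ['production/db/password', 'MY_SECRET'].freeze

# Constructed sample of a /micro/good response (assumed shape: a JSON array
# whose items hold the enriched event under "event").
SAMPLE_GOOD = <<~JSON
  [
    {"eventType": "struct", "event": {"se_category": "constructed_category", "se_action": "create_secrets_vault", "user_id": "1"}},
    {"eventType": "struct", "event": {"se_category": "constructed_category", "se_action": "some_other_action"}},
    {"eventType": "page_view", "event": {"page_url": "http://gdk.test:3000/"}}
  ]
JSON

# Fetch the good events from a running Snowplow Micro instance.
def fetch_good_events(url)
  Net::HTTP.get(URI(url))
end

# Return the events whose se_action matches the one this MR emits.
def vault_events(good_json)
  JSON.parse(good_json).select do |item|
    item.is_a?(Hash) && item.dig('event', 'se_action') == EXPECTED_ACTION
  end
end

# Return the sensitive strings that appear anywhere in the serialized events.
def leaked_strings(events)
  blob = JSON.generate(events)
  SENSITIVE_STRINGS.select { |s| blob.include?(s) }
end

# Summarize: how many matching events were tracked, and did any carry
# secret identifiers from the CI configuration?
def check(good_json)
  events = vault_events(good_json)
  { tracked: events.size, leaked: leaked_strings(events) }
end

# Set SNOWPLOW_MICRO_GOOD_URL=http://gdk.test:9091/micro/good to check a live
# GDK; otherwise the constructed sample above is used.
source = ENV['SNOWPLOW_MICRO_GOOD_URL']
result = check(source ? fetch_good_events(source) : SAMPLE_GOOD)
puts "events tracked: #{result[:tracked]}, leaked identifiers: #{result[:leaked].inspect}"
```

A non-empty leaked list means the analytics payload contains the variable name or vault path and the event properties should be reviewed before merging.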
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #388838 (closed)