Closed edigaryev closed 1 year ago
@fkorotkov I'm also a bit wary of how the errors are reported currently in `executor.RunBuild()` (which is called from `main()`):
Should we use a `ReportAgentError()` RPC call instead or devise a new method of reporting errors in places that are not instructions?
Good point. Let's report it as an agent error.
This takes a slightly different approach than the Vault GitHub Action in terms of querying the secrets.
Because there's no reliable way to differentiate between V1 and V2 secrets, automatically unwrapping the `data` field might result in a false-positive, where a V1 key contains a field named `data`.
So instead, the V2 secrets can be queried similarly to the CLI, by adding a `data` selector manually:
This V2 storage password can be queried with `VAULT[secret/data/admin data.password]`.
The PR introduces a `CIRRUS_VAULT_NAMESPACE` environment variable because without it, Vault Enterprise is unusable.
See https://github.com/cirruslabs/cirrus-ci-docs/issues/1079.
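
The V1/V2 ambiguity described in the PR text above, as an added Go example that is not part of the PR or of the Cirrus agent's code: `AutoUnwrapSelect` applies the auto-unwrap heuristic and fails on a V1 secret that has a field named `data`, while `Select` follows only the selector the user wrote. The JSON responses, the function names and the dotted-selector walk are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample read responses: a KV V2 secret, and a KV V1 secret with a field named "data".
const v2Resp = `{"data":{"data":{"password":"v2-secret"},"metadata":{"version":3}}}`
const v1Resp = `{"data":{"data":"backup-blob","password":"v1-secret"}}`

// Decode returns the top-level "data" object of a Vault read response.
func Decode(raw string) (map[string]interface{}, error) {
	var resp struct {
		Data map[string]interface{} `json:"data"`
	}
	err := json.Unmarshal([]byte(raw), &resp)
	return resp.Data, err
}

// Select walks a dotted selector such as "data.password" with no implicit unwrapping.
func Select(data map[string]interface{}, selector string) (string, error) {
	var cur interface{} = data
	for _, key := range strings.Split(selector, ".") {
		obj, ok := cur.(map[string]interface{}) // nil map if cur is not an object
		if cur, ok = obj[key]; !ok {
			return "", fmt.Errorf("selector %q: no field %q", selector, key)
		}
	}
	s, ok := cur.(string)
	if !ok {
		return "", fmt.Errorf("selector %q: value is not a string", selector)
	}
	return s, nil
}

// AutoUnwrapSelect is the heuristic being avoided: a "data" field is taken to mean KV V2.
func AutoUnwrapSelect(data map[string]interface{}, field string) (string, error) {
	if _, ok := data["data"]; ok {
		field = "data." + field
	}
	return Select(data, field)
}

func main() {
	v1, _ := Decode(v1Resp)
	fmt.Println(AutoUnwrapSelect(v1, "password")) // error: the V1 secret was misread as V2
}
```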