Open julien-carsique-sonarsource opened 1 year ago
That is correct and it is expected. The Vault resolution works on the Cirrus Agent side after container is being created. The registry config is getting configured on Cirrus Cloud side (which might not even have access to your private Vault) before a container is shceduled.
I assume you are using your private EKS of GKE cluster. Doesn't it already has access to your private registry?
EKS cluster, yes. The goal is to provide authenticated access to other registries than ECR, like Docker Hub.
Expected Behavior
Be able to provide the Docker registry config with an HashiCorp vault instead of an encrypted variable:
Real Behavior
Currently, only
registry_config: ENCRYPTED[...]
can be used. The substitution seems to happen before the vault resolution.Related Info
The goal is being able to benefit of botth https://cirrus-ci.org/guide/writing-tasks/#hashicorp-vault-support https://cirrus-ci.org/guide/linux/#working-with-private-registries