Closed blarghmatey closed 1 year ago
The current priority secrets engines that we rely on are:
An example interface that might work for specifying the config for the resource could look like:
vault-resource:
source:
db_creds: postres-mitxonline/creds/readonly
static_kv: secret/path/to/secret
And those then write the response to a local YAML/JSON file that is set as an output and readable as inputs for downstream tasks to populate as a var source with the file named according to the key (e.g. db_creds.yaml)
If those can automatically create a var in the pipeline with the var named according to the key that would also be helpful.
Docs about dynamic vars and var sources are at https://concourse-ci.org/vars.html#dynamic-vars
User Story
Description/Context
We make heavy use of dynamic credentials in our infrastructure. As a result this leaks into some of our pipeline definitions that we would like to write/maintain.
Acceptance Criteria