-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Evan de Jesus
committed
Apr 5, 2021
0 parents
commit 73e95e3
Showing
4 changed files
with
49 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| FROM vault:latest | ||
|
|
||
| RUN apk add --update jq | ||
|
|
||
| # Copies your code file from your action repository to the filesystem path `/` of the container | ||
| COPY entrypoint.sh /entrypoint.sh | ||
|
|
||
| # Code file to execute when the docker container starts up (`entrypoint.sh`) | ||
| ENTRYPOINT ["/entrypoint.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| # Vault AWS Action |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| # action.yml | ||
| name: 'Vault Pipeline Auth' | ||
| description: 'Retreive aws role credentials using a vault token' | ||
| outputs: | ||
| access_key: | ||
| description: 'access key of role credential set' | ||
| secret_key: | ||
| description: 'secret key of role credential set' | ||
| session_token: | ||
| description: 'session token of role credential set' | ||
| runs: | ||
| using: 'docker' | ||
| image: 'Dockerfile' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| #!/bin/sh -l | ||
|
|
||
| set -e | ||
|
|
||
| if [ -z "$VAULT_TOKEN" ]; then | ||
| echo "VAULT_TOKEN is not set. Quitting." | ||
| exit 1 | ||
| fi | ||
|
|
||
| if [ -z "$VAULT_ROLE" ]; then | ||
| echo "VAULT_ROLE is not set. Quitting." | ||
| exit 1 | ||
| fi | ||
|
|
||
| if [ -z "$VAULT_ADDR" ]; then | ||
| VAULT_ADDR=https://vault.24g.dev | ||
| fi | ||
|
|
||
| vault read -address=$VAULT_ADDR aws/sts/$VAULT_ROLE ttl=30m --format=json >creds.json | ||
| AWS_ACCESS_KEY_ID=$(jq -r '.data.access_key' creds.json) | ||
| AWS_SECRET_ACCESS_KEY=$(jq -r '.data.secret_key' creds.json) | ||
| AWS_SESSION_TOKEN=$(jq -r '.data.security_token' creds.json) | ||
|
|
||
| echo "::set-output name=access_key::$AWS_ACCESS_KEY_ID" | ||
| echo "::set-output name=secret_key::$AWS_SECRET_ACCESS_KEY" | ||
| echo "::set-output name=session_token::$AWS_SESSION_TOKEN" |