GitLab CI/CD Integration

General

Like anything else, a Gitlab integration should represent at least one additional identity

Learn more about identities

Whether you create a GitLab CI identity or a pro team depends on the structures and permissions structure.

For the sake of simplicity, we will refer to this as a Gitlab CI identity.

This is generated independently from the CLI or Terraform.

Getting Started If you don't know how to create an identity, follow the Getting Started guide.

You should end up with the private key of the GitLab Ci identity.

Add this private key as a variable at the project or group level.

Goto:

Settings -> CI/CD -> Variables -> Add variable

Key: VAULT_CLI_HANDLERKEY
Value: Your identity Privatekey
Mask: true
Protect: true (some structure it makes sence to unprotected)

Now you are ready to integrate

You are now ready to use Vault Actions in GitLab CI.

Terraform Good to know

If you are using the vault with terraform/opentofu, you are done here and just need to map the variable to your private key tfvar.

Cli at pipelinestep

Now you can add a step where you read and write secrets/identities (depending on the permissions of the GitLab CI identity).

vault_stage:
  stage: load_secrets
  image:
    name: ghcr.io/cryptvault-cloud/vault-cli:latest
    entrypoint: [""]
  script:
    - vault-cli --help

Thats all!