A secret extension that provides optional support for sourcing secrets from Vault. Please note this project requires Drone server version 1.3 or higher.
Behaviour has changed from permissive to strict/forbidden for secrets that are missing the x-drone-* keys.
Create a shared secret:
$ openssl rand -hex 16
Download and run the plugin:
$ docker run -d \
--publish=3000:3000 \
--env=DRONE_DEBUG=true \
--env=DRONE_SECRET=bea26a2221fd8090ea38720fc445eca6 \
--env=VAULT_ADDR=... \
--env=VAULT_TOKEN=... \
--restart=always \
--name=drone-vault drone/vault
Using approle authentication:
$ docker run -d \
--publish=3000:3000 \
--env=DRONE_DEBUG=true \
--env=DRONE_SECRET=bea26a2221fd8090ea38720fc445eca6 \
--env=VAULT_ADDR=... \
--env=VAULT_AUTH_TYPE=approle \
--env=VAULT_APPROLE_ID=... \
--restart=always \
--name=drone-vault drone/vault
Update your runner configuration to include the plugin address and the shared secret.
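The commands above put the shared secret and the Vault token on the command line, where they end up in shell history and process listings. The script below is an added example, not part of the drone-vault project: it performs the same steps but writes the values to an owner-only file and passes it with Docker's `--env-file` option. The function names and the `ENV_FILE` path are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: keep DRONE_SECRET and VAULT_TOKEN out of argv and shell history.
# Function names and the ENV_FILE default are assumptions, not drone-vault settings.

# Generate the shared secret the same way as above (16 random bytes, hex encoded).
gen_secret() {
    openssl rand -hex 16
}

# Succeeds only for a 32-character lowercase hex string.
valid_secret() {
    [ "${#1}" -eq 32 ] || return 1
    case "$1" in
        *[!0123456789abcdef]*) return 1 ;;
    esac
    return 0
}

# write_env_file FILE SECRET VAULT_ADDR VAULT_TOKEN
# Creates FILE readable by its owner only and fills in the plugin settings.
write_env_file() {
    valid_secret "$2" || { echo "refusing malformed secret" >&2; return 1; }
    ( umask 077
      rm -f "$1"
      printf 'DRONE_SECRET=%s\nVAULT_ADDR=%s\nVAULT_TOKEN=%s\n' "$2" "$3" "$4" > "$1" )
}

# Same container as above, with the sensitive values read from the env file.
start_plugin() {
    docker run -d \
        --publish=3000:3000 \
        --env-file="$1" \
        --restart=always \
        --name=drone-vault drone/vault
}

# Usage: sh this-script.sh start   (VAULT_ADDR and VAULT_TOKEN must be exported)
if [ "${1:-}" = "start" ]; then
    ENV_FILE="${ENV_FILE:-./drone-vault.env}"
    write_env_file "$ENV_FILE" "$(gen_secret)" "$VAULT_ADDR" "$VAULT_TOKEN" &&
        start_plugin "$ENV_FILE"
fi
```

The generated DRONE_SECRET value stays in the env file, which is where to read it from when filling in the runner configuration.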