We would like to use HashiCorp Vault to manage our secrets and access these secrets from within Pipelines. This can be done via the Vault REST API using a Vault token as authentication. The token can be stored as a repository variable, so it's available during the build.
However, as it is best practice, tokens have a limited lifetime and need to be rotated. How can I rotate Vault tokens? Is there a cronjob-like service / integration that could be used?
You can definitely hook in Vault using an OIDC machine-to-machine connection, such as Auth0, in your pipeline.
Hi Rene,
Is it possible to generate the Vault token programmatically?
If so, you can add the code to generate in your yml file; this way, you will generate a new token for every build during the build, and you won't need to store it as a repository variable.
Is this something that would work for you?
Kind regards,
Theodora
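The per-build token approach from the replies above, sketched as an added example that is not part of the original thread: a script step that exchanges the pipeline's OIDC token for a short-lived Vault token through Vault's JWT auth login endpoint. It assumes Bitbucket Pipelines with `oidc: true` on the step (which provides `BITBUCKET_STEP_OIDC_TOKEN`), a Vault JWT auth method mounted at `jwt`, and a role named `pipelines`; `VAULT_ROLE` and `VAULT_JWT_MOUNT` are hypothetical variable names.

```shell
#!/bin/sh
# Added example (not from the thread): log in to Vault with the step's OIDC token.
# Assumptions: the step sets `oidc: true` so BITBUCKET_STEP_OIDC_TOKEN exists,
# Vault has a JWT auth method mounted at "jwt", and a role named "pipelines".
set -eu

# JSON body for POST /v1/auth/<mount>/login. A JWT is base64url plus dots,
# so it needs no JSON escaping; both inputs are validated to keep that true.
build_login_body() {
  case "$1" in
    *[!A-Za-z0-9_-]*|'') echo "invalid role name" >&2; return 1 ;;
  esac
  case "$2" in
    *[!A-Za-z0-9._-]*|'') echo "invalid JWT" >&2; return 1 ;;
  esac
  printf '{"role":"%s","jwt":"%s"}' "$1" "$2"
}

# Pull auth.client_token out of the login response read from stdin (no jq needed).
extract_client_token() {
  tr -d '\n' | sed -n 's/.*"client_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Exchange the OIDC token for a short-lived Vault token and print it.
vault_oidc_login() {
  body=$(build_login_body "${VAULT_ROLE:-pipelines}" "$BITBUCKET_STEP_OIDC_TOKEN")
  resp=$(curl --silent --show-error --fail \
    --request POST --data "$body" \
    "$VAULT_ADDR/v1/auth/${VAULT_JWT_MOUNT:-jwt}/login")
  token=$(printf '%s' "$resp" | extract_client_token)
  [ -n "$token" ] || { echo "Vault login returned no client_token" >&2; return 1; }
  printf '%s' "$token"
}

# Only talk to Vault when running inside a configured pipeline step.
if [ -n "${VAULT_ADDR:-}" ] && [ -n "${BITBUCKET_STEP_OIDC_TOKEN:-}" ]; then
  VAULT_TOKEN=$(vault_oidc_login)
  export VAULT_TOKEN   # valid only for the TTL the Vault role allows
fi
```

With this in place no long-lived Vault token sits in a repository variable; the token's lifetime and policies are set on the Vault role, so rotation is replaced by expiry.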