Bump akeyless from 4.1.0 to 4.2.0 (#130) #60
name: "Custom Producer Dynamic Secrets"

# Docs:
#   https://docs.akeyless.io/docs/custom-producer
# Custom Producer API source code:
#   https://github.com/LanceMcCarthy/akeyless-web-target/blob/main/src/SecretsMocker/SecretsMocker/Controllers/SyncController.cs

# Triggers: manual dispatch, or a push to main that touches one of the listed
# paths. There is no pull_request trigger in this block.
on:
  workflow_dispatch:
  push:
    branches: [main]
    paths:
      - "src/**/*"
      - "package.json"
      - "package-lock.json"
      - ".github/workflows/dynamic-custom.yml"

jobs:
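##############################
########## Option 1 ##########
##############################
# - Uses default behavior
# The response from Akeyless is kept in its original JSON string. It is then
# your responsibility to correctly parse it.
  custom_producer_dynamic_secrets:
    runs-on: ubuntu-latest
    name: Custom producer dynamic secrets (default)
    # id-token: write allows the job to request a GitHub OIDC token; the action
    # below is given only an access-id, so it presumably authenticates with it.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout
        # NOTE(review): a version tag can be re-pointed; pinning to a full
        # commit SHA makes the referenced code immutable.
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          # No later step in this job uses git, so do not leave the token in
          # the checked-out repository's git config.
          persist-credentials: false
      - name: Fetch dynamic secret from Akeyless
        id: fetch-secrets
        uses: ./
        with:
          access-id: ${{ secrets.AKEYLESS_ACCESS_ID }}
          dynamic-secrets: '{"/DevTools/custom-web-producer":"my_dynamic_secret"}'
      # The secret reaches the script through an environment variable instead
      # of being pasted into the script text by ${{ }}: the shell then treats
      # it as data, whatever quotes or metacharacters the value contains.
      # NOTE(review): these echo lines write the secret to the job log. A field
      # extracted with jq is a different string from the full JSON value, so
      # any log masking applied to the JSON would not cover it - confirm
      # before using this pattern with real credentials.
      - name: Verify Job Outputs using jq
        env:
          SECRET_JSON: ${{ steps.fetch-secrets.outputs.my_dynamic_secret }}
        run: |
          echo "Your job output secret is $SECRET_JSON"
          echo "Manually parsed PASSWORD:"
          printf '%s\n' "$SECRET_JSON" | jq '.password'
      # The fetch step also exposes the value as an environment variable, so
      # the shell can read it directly without any expression expansion.
      - name: Verify Environment Variables using jq
        run: |
          echo "Your environment secret is $my_dynamic_secret"
          echo "Manually parsed PASSWORD:"
          printf '%s\n' "$my_dynamic_secret" | jq '.password'
      # Extra 1 & 2: another way to get the secret values is to use jq and
      # export them to custom env vars directly.
      # $GITHUB_ENV is parsed line by line as NAME=value, so a field whose name
      # is not a plain identifier, or whose value spans several lines, would
      # define variables other than the intended AKEYLESS_<field>. Such a field
      # makes jq fail, and the step with it, instead of being written.
      - name: EXTRA (part 1) - Export Secrets to Environment using jq
        env:
          SECRET_JSON: ${{ steps.fetch-secrets.outputs.my_dynamic_secret }}
        run: |
          printf '%s\n' "$SECRET_JSON" | jq -r '
            to_entries[]
            | (.value | tostring) as $v
            | if ((.key | test("^[A-Za-z0-9_]+$")) | not) or ($v | test("[\r\n]"))
              then error("refusing to export a field with an unsafe name or a multi-line value")
              else "AKEYLESS_\(.key)=\($v)"
              end
          ' >> "$GITHUB_ENV"
      - name: EXTRA (part 2) - Verify EXTRA 1's Exported Variables
        run: |
          echo "AKEYLESS_password = $AKEYLESS_password"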
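##############################
########## Option 2 ##########
##############################
# - Uses 'parse-dynamic-secrets: true'
# This will automatically parse the JSON string into individual outputs
  custom_producer_dynamic_secrets_parsed:
    runs-on: ubuntu-latest
    name: Custom producer dynamic secrets (parsed)
    # id-token: write allows the job to request a GitHub OIDC token; the action
    # below is given only an access-id, so it presumably authenticates with it.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout
        # NOTE(review): a version tag can be re-pointed; pinning to a full
        # commit SHA makes the referenced code immutable.
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          # No later step in this job uses git, so do not leave the token in
          # the checked-out repository's git config.
          persist-credentials: false
      - name: Fetch dynamic secret from Akeyless
        id: fetch-secrets
        uses: ./
        with:
          access-id: ${{ secrets.AKEYLESS_ACCESS_ID }}
          # No prefix: all output fields are dynamically parsed from source, so
          # the producer's field names become output and environment variable
          # names as they are. A field that shares its name with a variable
          # the job already relies on would conflict with it; Option 3's
          # prefix avoids that.
          dynamic-secrets: '{"/DevTools/custom-web-producer":""}'
          parse-dynamic-secrets: true
      # The value is handed to the script through an environment variable
      # rather than expanded into the script text by ${{ }}, so the shell
      # treats it as data. The echo still writes it to the job log.
      - name: Verify Job Outputs (to known field names, pre-parsed)
        env:
          PASSWORD_OUTPUT: ${{ steps.fetch-secrets.outputs.password }}
        run: |
          echo "PASSWORD: $PASSWORD_OUTPUT"
      - name: Verify Environment Variables (to known field names, pre-parsed)
        run: |
          echo "PASSWORD: $password"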
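##############################
########## Option 3 ##########
##############################
# - Uses 'parse-dynamic-secrets: true'
# - Uses 'WEB' as a prefix to the output names
# This is the same as Option 2, but with a known prefix to help avoid
# conflicts with other variable names
  custom_producer_dynamic_secrets_prefixed:
    runs-on: ubuntu-latest
    name: Custom producer dynamic secrets (parsed with prefix)
    # id-token: write allows the job to request a GitHub OIDC token; the action
    # below is given only an access-id, so it presumably authenticates with it.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout
        # NOTE(review): a version tag can be re-pointed; pinning to a full
        # commit SHA makes the referenced code immutable.
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          # No later step in this job uses git, so do not leave the token in
          # the checked-out repository's git config.
          persist-credentials: false
      - name: Fetch dynamic secret from Akeyless
        id: fetch-secrets
        uses: ./
        with:
          access-id: ${{ secrets.AKEYLESS_ACCESS_ID }}
          # Applies the "WEB_" prefix to dynamically parsed output names.
          dynamic-secrets: '{"/DevTools/custom-web-producer":"WEB"}'
          parse-dynamic-secrets: true
      # The value is handed to the script through an environment variable
      # rather than expanded into the script text by ${{ }}, so the shell
      # treats it as data. The echo still writes it to the job log.
      - name: Verify Job Outputs (to known field names, pre-parsed with prefix)
        env:
          WEB_PASSWORD_OUTPUT: ${{ steps.fetch-secrets.outputs.WEB_password }}
        run: |
          echo "PASSWORD: $WEB_PASSWORD_OUTPUT"
      - name: Verify Environment Variables (to known field names, pre-parsed with prefix)
        run: |
          echo "PASSWORD: $WEB_password"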