🔒Vault Secret Centralized
Apr 30, 2025
Since I have multiple projects on different VMs and in different locations, managing environment changes becomes overwhelming, as each project stores its .env file locally.
 

What is Vault?

This is where Vault comes in. Vault is an open-source application to secure, store, and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets, and other sensitive data using a UI, CLI, or HTTP API.
 
In Jenkins, we can read the .env values without hardcoding them in the CI/CD pipeline or adding them manually to Jenkins credentials.
 
For example, my CI/CD pipeline uses ${username-db}, and I store its value in Vault.
Whenever I change the env value in Vault, it changes dynamically, and it can be used by different pipeline projects without having to SSH to each server one by one.
 

Install Vault

 
The first thing you need is Vault itself. You can install it on a VM or run it with Docker.
 

Install on VM

You can install Vault from the official source to get up-to-date software.
 

Install on Docker

To make it easier for everyone, I am using Docker Compose. This Vault setup is only for a development environment.
 
Save it to docker-compose.yaml and run it with docker compose up -d.
 
Now your Vault is running and can be accessed on port :1234, but in my case I use :12345.
 
Log in with the Token method; the password is defined in the Docker Compose environment as VAULT_DEV_ROOT_TOKEN_ID: myroot.
In the dashboard there is already a default secret engine. You can create new secret engines for your own use.
 
 

First Secret

Let's try to make our first secret.
Here I created a secret in the cubbyhole secret engine with the path newsecret, so it lives under the cubbyhole path as cubbyhole/newsecret. Let's try to get the data with curl.
 
As we can see, we got the env from newsecret. Because it holds only 1 env, it shows only 1 entry.
If you add a new secret or change a value, the change shows up automatically when we curl again.
In the first env, test, I changed the value from hi kevin to hi patrick.
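The curl read described above, as an added example that is not part of the original post: it fetches cubbyhole/newsecret over Vault's HTTP API and renders the result as a .env file readable only by its owner. The address and token defaults follow the post's dev setup; the sample response and all function names are assumptions made here, and the unwrapping of the nested data.data layout returned by KV version 2 engines goes beyond the cubbyhole case in the post.

```python
import json
import os
import urllib.request

# Address and token follow the post's dev setup; both can be overridden via environment.
VAULT_ADDR = os.environ.get("VAULT_ADDR", "http://127.0.0.1:12345")
VAULT_TOKEN = os.environ.get("VAULT_TOKEN", "myroot")  # dev root token, development only

# Constructed sample of a cubbyhole read response (not captured from a real server).
SAMPLE_CUBBYHOLE = {"lease_id": "", "renewable": False, "lease_duration": 0,
                    "data": {"test": "hi kevin"}, "warnings": None, "auth": None}

def read_secret(path, addr=VAULT_ADDR, token=VAULT_TOKEN, timeout=5):
    """GET /v1/<path>; the token travels in the X-Vault-Token header."""
    req = urllib.request.Request(f"{addr}/v1/{path}",
                                 headers={"X-Vault-Token": token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def extract_kv(response):
    """cubbyhole and KV v1 keep pairs under "data"; KV v2 nests them in data.data."""
    data = response.get("data") or {}
    if isinstance(data.get("data"), dict) and "metadata" in data:
        return data["data"]
    return data

def to_dotenv(kv):
    """Render pairs as KEY="value" lines, escaping characters that break .env parsers."""
    lines = []
    for key in sorted(kv):
        if not key or any(c in key for c in "=\n\r \"'"):
            raise ValueError(f"unsafe key name: {key!r}")
        value = str(kv[key]).replace("\\", "\\\\").replace('"', '\\"')
        value = value.replace("\n", "\\n")
        lines.append(f'{key}="{value}"')
    return "\n".join(lines) + "\n"

def write_dotenv(path, text):
    """Write the file owner-readable only (0600), also when it already exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)

if __name__ == "__main__":
    # Live call against the dev server from the post; needs Vault running.
    write_dotenv(".env", to_dotenv(extract_kv(read_secret("cubbyhole/newsecret"))))
```

Set VAULT_ADDR and VAULT_TOKEN in the environment of the job that runs this, so the token never lands in the script or the repository.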
 
This is what it looks like when I create a new secret engine, our-project-secret/web-app.
 
Vault can store more than env secrets; it has many options for what to store.
 
In conclusion, Vault is helpful because it can store and secure secrets and serve them dynamically. In the next post I will use it in my Jenkins CI/CD pipeline.
 