Skip to main content
Version: 1.1

CI/CD

This example uses an AWS account, defines credentials for a database, and inject them in a context that will be used by a Gitlab CI/CD.

It requires the following environment values (in local environment and in the Gitlab secrets):

  • SECENV_aws_org_access_key_id
  • SECENV_aws_org_secret_access_key
  • SECENV_aws_org_region
.secenv.yaml
stores:
aws_org:
type: aws

secrets:
- secret: DATABASE_CREDENTIALS
store: aws_org
keys:
- host
- user
- password

contexts:
default:
vars:
DB_HOST:
store: aws_org
secret: DATABASE_CREDENTIALS
key: host
DB_USER:
store: aws_org
secret: DATABASE_CREDENTIALS
key: user
DB_PASSWORD:
store: aws_org
secret: DATABASE_CREDENTIALS
key: password

Now, it is possible to run the following commands:

# Fill the secrets
$ secenv secrets

# And generate the context
$ secenv contexts
default

$ secenv context default
export DB_HOST='...'
export DB_USER='...'
export DB_PASSWORD='...'

And it is possible to use the following code in the Gitlab pipeline:

.gitlab-ci.yml
stages:
- init
- migrations

Setup secrets:
image: builder
stage: init
script: |
eval $(secenv context default)

Apply the DB migrations:
image: builder
stage: migrations
script: |
make db:migrations