CI/CD
This example uses an AWS account as the secret store, defines the credentials for a database, and injects them into a context that is consumed by a GitLab CI/CD pipeline.
It requires the following environment values, set both in the local environment and in the GitLab secrets:
SECENV_aws_org_access_key_id
SECENV_aws_org_secret_access_key
SECENV_aws_org_region
.secenv.yaml

stores:
  aws_org:
    type: aws

secrets:
  - secret: DATABASE_CREDENTIALS
    store: aws_org
    keys:
      - host
      - user
      - password

contexts:
  default:
    vars:
      DB_HOST:
        store: aws_org
        secret: DATABASE_CREDENTIALS
        key: host
      DB_USER:
        store: aws_org
        secret: DATABASE_CREDENTIALS
        key: user
      DB_PASSWORD:
        store: aws_org
        secret: DATABASE_CREDENTIALS
        key: password

Now, it is possible to run the following commands:
# Fill the secrets
$ secenv secrets
# And generate the context
$ secenv contexts
default
$ secenv context default
export DB_HOST='...'
export DB_USER='...'
export DB_PASSWORD='...'
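The context can then be loaded in the GitLab pipeline. Each GitLab job runs in its own shell, so the exported variables exist only in the job that runs the eval; load the context in every job that needs the credentials:
.gitlab-ci.yml

stages:
  - init
  - migrations

Setup secrets:
  image: builder
  stage: init
  script: |
    # Checks that the context resolves; the exports do not carry over to later jobs
    eval "$(secenv context default)"

Apply the DB migrations:
  image: builder
  stage: migrations
  script: |
    # Load the context in the job that uses it (quoted so values are not word-split)
    eval "$(secenv context default)"
    make db:migrations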
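
A fail-closed way to load the context inside a job, as an added example that is not part of secenv or of the original page. It assumes `secenv context` prints `export NAME='value'` lines as shown above; `missing_vars` and `load_context` are hypothetical helper names.

```shell
#!/bin/sh
# Added example; missing_vars and load_context are hypothetical helper names.

# Print the names (never the values) of the given variables that are unset or empty.
missing_vars() {
    missing=""
    for name in "$@"; do
        eval "value=\${$name:-}"   # names are fixed strings from the caller
        [ -n "$value" ] || missing="${missing:+$missing }$name"
    done
    printf '%s' "$missing"
}

# load_context CONTEXT VAR...: export the context, fail if anything is missing.
load_context() {
    context="$1"
    shift
    missing=$(missing_vars SECENV_aws_org_access_key_id \
        SECENV_aws_org_secret_access_key SECENV_aws_org_region)
    if [ -n "$missing" ]; then
        echo "store credentials not set: $missing" >&2
        return 1
    fi
    # Pause shell tracing so the export lines never reach the job log.
    case $- in *x*) traced=1; set +x ;; *) traced=0 ;; esac
    if exports=$(secenv context "$context"); then
        eval "$exports"
        status=0
    else
        status=1
    fi
    unset exports
    if [ "$traced" = 1 ]; then set -x; fi
    if [ "$status" -ne 0 ]; then
        echo "secenv could not generate context '$context'" >&2
        return 1
    fi
    missing=$(missing_vars "$@")
    if [ -n "$missing" ]; then
        echo "context '$context' did not define: $missing" >&2
        return 1
    fi
}

# In a job script: load_context default DB_HOST DB_USER DB_PASSWORD
```

Error messages name the missing variables only, so a failed job never writes a credential value to the log.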