Skip to main content
Version: 2.0

CI/CD

This example uses an AWS account, defines credentials for a database, and inject them in a context that will be used by a Gitlab CI/CD.

It requires the following environment values (in local environment and in the Gitlab secrets):

  • SECENV_aws_org_access_key_id
  • SECENV_aws_org_secret_access_key
  • SECENV_aws_org_region
.secenv.yaml
stores:
  aws_org:
    type: aws

secrets:
  - secret: DATABASE_CREDENTIALS
    store: aws_org
    keys:
      - host
      - user
      - password

contexts:
  default:
    vars:
      DB_HOST:
        store: aws_org
        secret: DATABASE_CREDENTIALS
        key: host
      DB_USER:
        store: aws_org
        secret: DATABASE_CREDENTIALS
        key: user
      DB_PASSWORD:
        store: aws_org
        secret: DATABASE_CREDENTIALS
        key: password

Now, it is possible to run the following commands:

# Fill the secrets
$ secenv secrets

# And generate the context
$ secenv contexts
default

$ secenv context default
export DB_HOST='...'
export DB_USER='...'
export DB_PASSWORD='...'

And it is possible to use the following code in the Gitlab pipeline:

.gitlab-ci.yml
stages:
  - init
  - migrations

Setup secrets:
  image: builder
  stage: init
  script: |
    eval $(secenv context default)

Apply the DB migrations:
  image: builder
  stage: migrations
  script: |
    make db:migrations