# Step metadata for vaultRotateSecretId: declares the parameters of a step that
# checks a Vault AppRole secret ID and, when it is due for renewal, writes the
# new secret ID back to the configured secret store (Jenkins, Azure DevOps or
# GitHub).
metadata:
  name: vaultRotateSecretId
  description: Rotate Vault AppRole Secret ID
  longDescription: >-
    This step takes the given Vault secret ID and checks whether it needs to be
    renewed and if so it will update the secret ID in the configured secret store.
spec:
  inputs:
    params:
      # Selects the store that receives the rotated secret ID. Only the ado and
      # github credentials below are tied to this value through mandatoryIf.
      - name: secretStore
        type: string
        description: 'The store to which the secret should be written back to'
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: 'jenkins'
        possibleValues:
          - jenkins
          - ado
          - github

      # --- Jenkins secret store ---
      # NOTE(review): none of the jenkins* credentials declares a mandatoryIf for
      # secretStore=jenkins, unlike the ado/github tokens; confirm that the step
      # itself rejects a missing URL, username or token.
      # jenkinsUrl, jenkinsUsername and jenkinsToken are all flagged secret and
      # reference the same Vault secret (jenkinsVaultSecretName, default jenkins).
      - name: jenkinsUrl
        type: string
        description: 'The jenkins url'
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          - type: vaultSecret
            name: jenkinsVaultSecretName
            default: jenkins
        aliases:
          - name: url
      - name: jenkinsCredentialDomain
        type: string
        description: The jenkins credential domain which should be used
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: '_'
      - name: jenkinsUsername
        type: string
        description: 'The jenkins username'
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        aliases:
          - name: userId
        resourceRef:
          - type: vaultSecret
            name: jenkinsVaultSecretName
            default: jenkins
      - name: jenkinsToken
        type: string
        description: 'The jenkins token'
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        # NOTE(review): the alias `token` is also declared on
        # adoPersonalAccessToken and githubToken. Confirm that a single
        # configured `token` value cannot be handed to a store it was not
        # issued for.
        aliases:
          - name: token
        resourceRef:
          - type: vaultSecret
            name: jenkinsVaultSecretName
            default: jenkins

      # --- Vault connection ---
      # Holds the name of the credential/variable/secret in the store, not the
      # secret ID itself (see description).
      - name: vaultAppRoleSecretTokenCredentialsId
        type: string
        description: >-
          The Jenkins credential ID, Azure DevOps variable name, or GitHub Actions
          secret name for the Vault AppRole Secret ID credential
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        mandatory: true
      # NOTE(review): nothing here constrains the URL scheme; the AppRole
      # credentials are presumably sent to this endpoint, so confirm that the
      # step expects or enforces https.
      - name: vaultServerUrl
        type: string
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        description: The URL for the Vault server to use
        mandatory: true
      - name: vaultNamespace
        type: string
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        description: The Vault namespace that should be used (optional)
      # Rotation threshold in days (default 15). Presumably the check only
      # happens when the step runs, so the pipeline has to run at least once
      # inside this window for rotation to take place before expiry.
      - name: daysBeforeExpiry
        type: int
        description: The amount of days before expiry until the secret ID gets rotated
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: 15

      # --- Azure DevOps secret store ---
      - name: adoOrganization
        type: string
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        description: The Azure DevOps organization name
      # Flagged secret, required when secretStore is ado, and backed by the
      # Vault secret named by azureDevOpsVaultSecretName (default azure-dev-ops).
      # Shares the alias `token` with jenkinsToken and githubToken.
      - name: adoPersonalAccessToken
        aliases:
          - name: token
        type: string
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        description: The Azure DevOps personal access token
        secret: true
        mandatoryIf:
          - name: secretStore
            value: ado
        resourceRef:
          - type: vaultSecret
            name: azureDevOpsVaultSecretName
            default: azure-dev-ops
      - name: adoProject
        type: string
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        description: The Azure DevOps project ID. Project name also can be used
      - name: adoPipelineId
        type: int
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        description: The Azure DevOps pipeline ID. Also called as definition ID
      # --- GitHub secret store ---
      # Flagged secret, required when secretStore is github, and backed by the
      # Vault secret named by githubVaultSecretName (default github).
      # NOTE(review): unlike jenkinsToken and adoPersonalAccessToken, this
      # credential also lists GENERAL in its scope; confirm that is intended.
      # The description asks for the 'repo' scope on the token, so treat it as
      # a credential with write access to the repository.
      - name: githubToken
        aliases:
          - name: access_token
          - name: token
        type: string
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        description: >-
          GitHub personal access token as per
          https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
          with the scope 'repo'
        secret: true
        mandatoryIf:
          - name: secretStore
            value: github
        resourceRef:
          - type: vaultSecret
            default: github
            name: githubVaultSecretName
      # The token above is presented to this endpoint; the default is the
      # public GitHub API over https.
      - name: githubApiUrl
        description: Set the GitHub API URL that corresponds to the pipeline repository
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        type: string
        default: 'https://api.github.com'
      # owner and repository reference commonPipelineEnvironment (github/owner,
      # github/repository) through resourceRef.
      - name: owner
        description: Owner of the pipeline GitHub repository
        resourceRef:
          - name: commonPipelineEnvironment
            param: github/owner
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        type: string
      - name: repository
        description: Name of the pipeline GitHub repository
        resourceRef:
          - name: commonPipelineEnvironment
            param: github/repository
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        type: string