metadata: name: vaultRotateSecretId description: Rotate vault AppRole Secret ID longDescription: This step takes the given Vault secret ID and checks whether it needs to be renewed and if so it will update the secret ID in the configured secret store. spec: inputs: params: - name: secretStore type: string description: "The store to which the secret should be written back to" scope: - PARAMETERS - STAGES - STEPS default: "jenkins" possibleValues: - jenkins - ado - name: jenkinsUrl type: string description: "The jenkins url" scope: - PARAMETERS - STAGES - STEPS secret: true resourceRef: - type: vaultSecret paths: - $(vaultPath)/jenkins - $(vaultBasePath)/$(vaultPipelineName)/jenkins - $(vaultBasePath)/GROUP-SECRETS/jenkins aliases: - name: url - name: jenkinsCredentialDomain type: string description: The jenkins credential domain which should be used scope: - PARAMETERS - STAGES - STEPS default: "_" - name: jenkinsUsername type: string description: "The jenkins username" scope: - PARAMETERS - STAGES - STEPS secret: true aliases: - name: userId resourceRef: - type: vaultSecret paths: - $(vaultPath)/jenkins - $(vaultBasePath)/$(vaultPipelineName)/jenkins - $(vaultBasePath)/GROUP-SECRETS/jenkins - name: jenkinsToken type: string description: "The jenkins token" scope: - PARAMETERS - STAGES - STEPS secret: true aliases: - name: token resourceRef: - type: vaultSecret paths: - $(vaultPath)/jenkins - $(vaultBasePath)/$(vaultPipelineName)/jenkins - $(vaultBasePath)/GROUP-SECRETS/jenkins - name: vaultAppRoleSecretTokenCredentialsId type: string description: The Jenkins credential ID or Azure DevOps variable name for the Vault AppRole Secret ID credential scope: - GENERAL - PARAMETERS - STAGES - STEPS mandatory: true - name: vaultServerUrl type: string scope: - GENERAL - PARAMETERS - STAGES - STEPS description: The URL for the Vault server to use mandatory: true - name: vaultNamespace type: string scope: - GENERAL - PARAMETERS - STAGES - STEPS description: The vault namespace that should be used (optional) - name: daysBeforeExpiry type: int description: The amount of days before expiry until the secret ID gets rotated scope: - PARAMETERS - STAGES - STEPS default: 15 - name: adoOrganization type: string scope: - GENERAL - PARAMETERS - STAGES - STEPS description: The Azure DevOps organization name - name: adoPersonalAccessToken type: string scope: - PARAMETERS - STAGES - STEPS description: The Azure DevOps personal access token secret: true resourceRef: - type: vaultSecret paths: - $(vaultPath)/jenkins - $(vaultBasePath)/$(vaultPipelineName)/jenkins - $(vaultBasePath)/GROUP-SECRETS/jenkins - name: adoProject type: string scope: - PARAMETERS - STAGES - STEPS description: The Azure DevOps project ID. Project name also can be used - name: adoPipelineId type: int scope: - PARAMETERS - STAGES - STEPS description: The Azure DevOps pipeline ID. Also called as definition ID