metadata: name: vaultRotateSecretId description: Rotate Vault AppRole Secret ID longDescription: This step takes the given Vault secret ID and checks whether it needs to be renewed and if so it will update the secret ID in the configured secret store. spec: inputs: params: - name: secretStore type: string description: "The store to which the secret should be written back to" scope: - PARAMETERS - STAGES - STEPS default: "jenkins" possibleValues: - jenkins - ado - github - name: jenkinsUrl type: string description: "The jenkins url" scope: - PARAMETERS - STAGES - STEPS secret: true resourceRef: - type: vaultSecret name: jenkinsVaultSecretName default: jenkins aliases: - name: url - name: jenkinsCredentialDomain type: string description: The jenkins credential domain which should be used scope: - PARAMETERS - STAGES - STEPS default: "_" - name: jenkinsUsername type: string description: "The jenkins username" scope: - PARAMETERS - STAGES - STEPS secret: true aliases: - name: userId resourceRef: - type: vaultSecret name: jenkinsVaultSecretName default: jenkins - name: jenkinsToken type: string description: "The jenkins token" scope: - PARAMETERS - STAGES - STEPS secret: true aliases: - name: token resourceRef: - type: vaultSecret name: jenkinsVaultSecretName default: jenkins - name: vaultAppRoleSecretTokenCredentialsId type: string description: The Jenkins credential ID, Azure DevOps variable name, or GitHub Actions secret name for the Vault AppRole Secret ID credential scope: - GENERAL - PARAMETERS - STAGES - STEPS mandatory: true - name: vaultServerUrl type: string scope: - GENERAL - PARAMETERS - STAGES - STEPS description: The URL for the Vault server to use mandatory: true - name: vaultNamespace type: string scope: - GENERAL - PARAMETERS - STAGES - STEPS description: The Vault namespace that should be used (optional) - name: daysBeforeExpiry type: int description: The amount of days before expiry until the secret ID gets rotated scope: - PARAMETERS - STAGES - STEPS default: 15 - name: adoOrganization type: string scope: - GENERAL - PARAMETERS - STAGES - STEPS description: The Azure DevOps organization name - name: adoPersonalAccessToken aliases: - name: token type: string scope: - PARAMETERS - STAGES - STEPS description: The Azure DevOps personal access token secret: true mandatoryIf: - name: secretStore value: ado resourceRef: - type: vaultSecret name: azureDevOpsVaultSecretName default: azure-dev-ops - name: adoProject type: string scope: - PARAMETERS - STAGES - STEPS description: The Azure DevOps project ID. Project name also can be used - name: adoPipelineId type: int scope: - PARAMETERS - STAGES - STEPS description: The Azure DevOps pipeline ID. Also called as definition ID - name: githubToken aliases: - name: access_token - name: token type: string scope: - GENERAL - PARAMETERS - STAGES - STEPS description: "GitHub personal access token as per https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line with the scope 'repo'" secret: true mandatoryIf: - name: secretStore value: github resourceRef: - type: vaultSecret default: github name: githubVaultSecretName - name: githubApiUrl description: Set the GitHub API URL that corresponds to the pipeline repository scope: - GENERAL - PARAMETERS - STAGES - STEPS type: string default: "https://api.github.com" - name: owner description: Owner of the pipeline GitHub repository resourceRef: - name: commonPipelineEnvironment param: github/owner scope: - GENERAL - PARAMETERS - STAGES - STEPS type: string - name: repository description: Name of the pipeline GitHub repository resourceRef: - name: commonPipelineEnvironment param: github/repository scope: - GENERAL - PARAMETERS - STAGES - STEPS type: string