Giter Club home page Giter Club logo

conjur-action's Introduction

CyberArk Conjur Secret Fetcher

GitHub Action for secure secrets delivery to your workflow test environment using CyberArk Conjur.

Example

on: [push]

jobs:
  test:
    # ...
    steps:
      # ...
      - name: Import Secrets using CyberArk Conjur Secret Fetcher
        uses: infamousjoeg/conjur-action
        with:
          url: ${{ secrets.CONJUR_URL }}
          account: cyberarkdemo
          host_id: ${{ secrets.CONJUR_USERNAME }}
          api_key: ${{ secrets.CONJUR_API_KEY }}
          secrets: db/sqlusername | sql_username; db/sql_password
      # ...

Arguments

Required

  • url - this is the path to your Conjur instance endpoint. e.g. https://conjur.cyberark.com:8443
  • account - this is the account configured for the Conjur instance during deployment.
  • host_id - this is the Host ID granted to your application by Conjur when created via policy. e.g. host/db/github_action
  • api_key - this is the API key associated with your Host ID declared previously.
  • secrets - a semi-colon delimited list of secrets to fetch. Refer to Secrets Syntax in the README below for more details.

Optional

  • certificate - if using a self-signed certificate, provide the contents for validated SSL.

Secrets Syntax

{{ conjurVariable1 | envVarName1; conjurVariable2 }}

The secrets argument is a semi-colon (;) delimited list of secrets. The list can optionally contain the name to set for the environment variable.

Example

db/sqlusername | sql_username; db/sql_password

In the above example, the first secret section is db/sqlusername | sql_username. The | separates the Conjur Variable ID from the environment variable that will contain the value of the Conjur Variable's value.

The second secret section is db/sql_password. When no name is given for the environment variable, the Conjur Variable Name will be used. In this example, the value would be set to SQL_PASSWORD as the environment variable name.

Security

Protecting Arguments

It is recommended to set the URL, Host ID, and API Key values for the Action to function as secrets by going to Settings > Secrets in your GitHub repository and adding them there. These can then be called in your workflows' YAML file as a variable: ${{ secrets.SECRETNAME }}

Masking

The CyberArk Conjur Secret Fetcher GitHub Action utilizes masking prior to setting secret values to the environment. This prevents output to the console and to logs.

Maintainer

Joe Garcia - @infamousjoeg

Buy me a coffee

License

MIT

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.