I’ve got an issue running Drone as a single machine instance, trying to store secrets in Vault and access them during builds with the Vault plugin. They can be retrieved successfully on the CLI, but not during builds.
- Host hxxps://drone.mydomain.com
- Running at 127.0.0.1.10280, forwarded by Nginx
- Host hxxps://drone-vault.mydomain.com
- Running at 127.0.0.1:8200, forwarded by Nginx
- Running at :10281
Drone startup variables include:
Vault plugin variables include:
Some of those variable settings are redundant but at this point I’m not sure
what is and isn’t necessary. Have also tried switching a lot between
referring to the Vault address as its domain name and its internal address, but
no luck either way.
Storing a key ‘mykey’ at kv/test.
A successful Drone CLI request:
VAULT_ADDR=hxxps://drone-vault.mydomain.com DRONE_SECRET_ENDPOINT=hxxp://127.0.0.1:10281 DRONE_SECRET_SECRET=4d4xxx ./drone plugins secret get --repo=me/testrepo kv/test mykey
Usage in .drone.yml
```yaml
---
kind: pipeline
name: linux-amd64

platform:
  os: linux
  arch: amd64

workspace:
  base: /build

steps:
- name: check
  image: bash
  environment:
    MYKEY:
      from_secret: mykey
  commands:
  - echo $MYKEY | base64

trigger:
  branch:
  - master
  event:
  - push
  - promote
  - rollback

---
kind: secret
name: mykey
get:
  path: kv/test
  name: mykey
```
```
+ echo $MYKEY | base64
Cg==
```
I’ve tried using the internal URL to be the Vault endpoint (hxxp://127.0.0.1:8200) but that stops it working with CLI retrieval too.
Any help greatly appreciated!