HashiCorp Developer AI Private beta now available Sign up today
HashiCorp Cloud Platform
HashiCorp Cloud Platform Home

Integrate with GitLab

GitLab customers can retrieve secrets from HCP Vault Secrets using the vlt command-line interface (CLI).

Prerequisites:

  • A Gitlab repository with permissions for viewing and modifying CI/CD job variables.
  • An Admin role in an HCP Project
  • An HCP Vault Secrets application and secret(s)

Service principal key

  1. Open your web browser and log into the HCP Portal.

  2. Click Access control (IAM). If you see the notification Modifying user permissions, click Go to org-name.

  3. Click Service principals.

  4. Enter a name in the Service principal name textbox and click Create service principal.

  5. In the Keys pane, click Create service principal key.

  6. Copy the Client ID and Client secret. These values will be used later to configure GitLab.

HCP organization and project ID

  1. Navigate back to the project dashboard.

  2. Click the HashiCorp logo in the top left corner.

  3. From the Organizations page, click the ellipses for the organization you want to connect to GitLab and select View.

  4. Click Settings and copy the ID. ui-hcp-portal-copy-org-id

  5. Click the Select a project menu and select the project you want to connect to GitLab.

  6. Click Settings and copy project ID ui-hcp-portal-copy-project-id

    The organization ID and project ID values will be used later to configure GitLab.

  7. Click Vault Secrets and copy the name of the application you want to use with GitLab. This value will be used later to configure GitLab.

GitLab

  1. Log into GitLab and access the project you wish to configure for HCP Vault Secrets.

  2. Expand Settings and click CI/CD.

  3. Expand Variables.

  4. Click Add variable.

  5. In Key text box enter VLT_ORGANIZATION_ID, in the Value field enter the org ID you copied from the HCP Portal, then click the Mask variable checkbox and click Add variable.

    Repeat the steps above to create variables for:

    • VLT_PROJECT_ID
    • VLT_APPLICATION_NAME
    • HCP_CLIENT_ID
    • HCP_CLIENT_SECRET

Configure pipeline

Update your .gitlab-ci.yml to install the vlt CLI and use vlt run to inject secrets as environment variables into any script or command.

Example:

image: ubuntu

build:
  stage: build
  script:
    - apt update && apt install -y gpg wget lsb-release
    - wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
    - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list
    - apt update && apt install vlt
    - vlt run --command ./bin/build.sh