authn-jwt-gitlab
Description
This project creates a Docker image that includes a Go binary that can be used to authenticate a JWT token against Conjur Secrets Manager and retrieve a secret value. Ubuntu, Alpine, and UBI-FIPS versions are available. The secret value is returned to STDOUT and can be used in a GitLab CI pipeline.
Requirements
Usage
- Choose your GitLab Runner Docker container image based on your desired OS. The following images are available:
  - nfmsjoeg/authn-jwt-gitlab:ubuntu
  - nfmsjoeg/authn-jwt-gitlab:alpine
  - nfmsjoeg/authn-jwt-gitlab:ubi-fips
- Once a GitLab Runner Docker container is decided upon, include it in your GitLab CI Pipeline file. The following example is for the nfmsjoeg/authn-jwt-gitlab:ubuntu image:
  ```yaml
  ubuntu:
    stage: test
    tags:
      - docker
    image: nfmsjoeg/authn-jwt-gitlab:ubuntu
  ```
- Be sure to tag the job in the GitLab CI Pipeline file with the tag that runs the job on the GitLab Runner Docker container. This is done in the above example using the `tags` key.
- Variables must be set in the GitLab CI Pipeline file for the GitLab Runner Docker container to consume. Those environment variables are:
  - CONJUR_APPLIANCE_URL
  - CONJUR_ACCOUNT
  - CONJUR_AUTHN_JWT_SERVICE_ID
  - CONJUR_AUTHN_JWT_TOKEN
  - CONJUR_SECRET_ID
- To use the binary in a job executing on the GitLab Runner Docker container, review the example GitLab CI Pipeline script in this repository.
Example GitLab CI YAML File
```yaml
variables:
  CONJUR_APPLIANCE_URL: "https://conjur.joegarcia.dev"
  CONJUR_ACCOUNT: "cyberarkdemo"
  CONJUR_AUTHN_JWT_SERVICE_ID: "gitlab"
  CONJUR_AUTHN_JWT_TOKEN: "${CI_JOB_JWT}"

ubuntu:
  tags:
    - docker
  image: nfmsjoeg/authn-jwt-gitlab:ubuntu-dev
  script:
    # CONJUR_SECRET_ID is set per invocation; the binary prints the secret value to STDOUT.
    - export TEST_USERNAME=$(CONJUR_SECRET_ID="SyncVault/LOB_CI/DemoSafe/DemoSafe-testuser4890/username" /authn-jwt-gitlab)
    - export TEST_PASSWORD=$(CONJUR_SECRET_ID="SyncVault/LOB_CI/DemoSafe/DemoSafe-testuser4890/password" /authn-jwt-gitlab)
    # Demo only: this line writes the retrieved secret values into the job log.
    - env | grep TEST_

alpine:
  tags:
    - docker
  image: nfmsjoeg/authn-jwt-gitlab:alpine-dev
  script:
    - export TEST_USERNAME=$(CONJUR_SECRET_ID="SyncVault/LOB_CI/DemoSafe/DemoSafe-testuser4890/username" /authn-jwt-gitlab)
    - export TEST_PASSWORD=$(CONJUR_SECRET_ID="SyncVault/LOB_CI/DemoSafe/DemoSafe-testuser4890/password" /authn-jwt-gitlab)
    - env | grep TEST_

ubi-fips:
  stage: test
  tags:
    - docker
  image: nfmsjoeg/authn-jwt-gitlab:ubi-fips-dev
  script:
    - export TEST_USERNAME=$(CONJUR_SECRET_ID="SyncVault/LOB_CI/DemoSafe/DemoSafe-testuser4890/username" /authn-jwt-gitlab)
    - export TEST_PASSWORD=$(CONJUR_SECRET_ID="SyncVault/LOB_CI/DemoSafe/DemoSafe-testuser4890/password" /authn-jwt-gitlab)
    - env | grep TEST_
```
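
The exchange that the five variables above drive, written out as an added Go example (this is not the project's source code): the job JWT is posted to Conjur's JWT authenticator, and the returned access token is then used to read one variable. It assumes Conjur's REST paths `/authn-jwt/<service-id>/<account>/authenticate` and `/secrets/<account>/variable/<id>`; the names `fetchSecret` and `body` are hypothetical.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"os"
	"time"
)

// fetchSecret (illustrative, assumed endpoints) trades the job JWT for an access token, then reads one variable.
func fetchSecret(c *http.Client, base, account, serviceID, jwt, secretID string) (string, error) {
	authURL := fmt.Sprintf("%s/authn-jwt/%s/%s/authenticate", base, url.PathEscape(serviceID), url.PathEscape(account))
	token, err := body(c.PostForm(authURL, url.Values{"jwt": {jwt}})) // JWT goes in the form body, not the URL
	if err != nil {
		return "", fmt.Errorf("authenticate: %w", err)
	}
	secretURL := fmt.Sprintf("%s/secrets/%s/variable/%s", base, url.PathEscape(account), url.PathEscape(secretID))
	req, err := http.NewRequest(http.MethodGet, secretURL, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Authorization", `Token token="`+base64.StdEncoding.EncodeToString(token)+`"`)
	value, err := body(c.Do(req))
	return string(value), err
}

// body returns the response body on HTTP 200; on any other status the body is discarded, not logged.
func body(resp *http.Response, err error) ([]byte, error) {
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("conjur returned status %d", resp.StatusCode)
	}
	return io.ReadAll(io.LimitReader(resp.Body, 1<<20))
}

func main() {
	e, c := os.Getenv, &http.Client{Timeout: 10 * time.Second}
	v, err := fetchSecret(c, e("CONJUR_APPLIANCE_URL"), e("CONJUR_ACCOUNT"), e("CONJUR_AUTHN_JWT_SERVICE_ID"), e("CONJUR_AUTHN_JWT_TOKEN"), e("CONJUR_SECRET_ID"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	fmt.Print(v) // the secret value goes to STDOUT only; errors go to STDERR
}
```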
Support
This is a community supported project. For support, please file an issue in this repository.
Contributing
If you would like to contribute to this project, please review the CONTRIBUTING.md file.
License
This project is licensed under MIT - see the LICENSE file for details.