I have a template file on gitlab:
.secrets:
GROUP_A_secret_a:
vault: GroupA/seca@default
GROUP_B_secret_a:
vault: GroupB/seca@default
GROUP_A_secret_b:
vault: GroupA/secb@default
GROUP_B_secret_b:
vault: GroupA/secb@default
And then I refer to those secrets on gitlab jos as:
secrets: !reference [ .secrets ]
How do I split them into .secretsA and .secretsB and refer them in the gitlab job?
Like sytech, answered, I would say a slight modification to make it work and little better.
Have the secrets in different files:
file "/.secretsA.yml"
.secretsA
secrets:
GROUP_A_secret_a:
vault: GroupA/seca@default
# ... and so on
file "/.secretsB.yml"
.secretsB
secrets:
GROUP_B_secret_b:
vault: GroupA/secb@default
# ... and so on
file /.secrets_default.yml
include:
- local: /.secretsA.yml
- local: /.secretsB.yml
.secrets_default:
extends:
- .secretsA
- .secretsB
You can now have your job have all the secrets by extending .secrets_default:
file ".gitlab-ci.yml"
include:
- /.secrets_default.yml
my-job:
extends: .secrets_default
In this way you can cleanly, have all secrets for your job on gitlab