sokomishalov / teamcity-hashicorp-vault-plugin

TeamCity plugin to support HashiCorp Vault

TeamCity Plugin for HashiCorp Vault

official JetBrains project

The plugin allows connecting TeamCity to Vault, requesting new credentials when a build starts, passing them to the build script, and revoking them immediately when the build finishes.

See the blog post for details.

Download binaries from the plugin repository.

Configure with AWS IAM auth method

If both your TeamCity and Vault installations run on AWS EC2 instances, it is possible to use AWS IAM Auth method to authenticate to Vault. To enable this authentication method, check AWS IAM Auth method in the connection parameter screen.

This also works if only the TeamCity agents and Vault run on AWS EC2 instances and the TeamCity server is deployed elsewhere, though in that case 'Test Connection' won't work.

Vault connector

Notes

Server-side token revoke

It's recommended to add the following policy to the AppRole, so that the TeamCity server is able to revoke the token even if the TeamCity agent fails to do so when the build finishes:

path "auth/token/revoke-accessor" {
  capabilities = ["update"]
}
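
A pre-deployment check that an AppRole policy document actually grants `update` on `auth/token/revoke-accessor`. This is an added example, not code from the plugin. It assumes simple `path "..." { capabilities = [...] }` stanzas, resolves conflicts by most specific match (exact path over a trailing-`*` prefix), and does not handle `+` wildcards or HCL comments; the two extra policies are constructed samples.

```python
import re

# Simplified matcher for stanzas of the form: path "..." { capabilities = [...] }
STANZA = re.compile(r'path\s+"([^"]+)"\s*\{[^}]*?capabilities\s*=\s*\[([^\]]*)\]', re.S)
REVOKE_PATH = "auth/token/revoke-accessor"  # path named in the policy above

README_POLICY = '''
path "auth/token/revoke-accessor" {
  capabilities = ["update"]
}
'''
# Constructed sample: secrets access only, no revoke grant.
MISSING_POLICY = 'path "secret/data/teamcity/*" { capabilities = ["read"] }'
# Constructed sample: a broad grant overridden by a more specific deny.
DENIED_POLICY = '''
path "auth/token/*" { capabilities = ["update"] }
path "auth/token/revoke-accessor" { capabilities = ["deny"] }
'''

def parse_policy(hcl):
    """Return [(path_pattern, {capabilities})] for each path stanza."""
    return [(p, set(re.findall(r'"([^"]+)"', caps))) for p, caps in STANZA.findall(hcl)]

def effective_capabilities(hcl, path):
    """Capabilities of the most specific stanza matching `path` (assumed model)."""
    best_key, best_caps = None, set()
    for pattern, caps in parse_policy(hcl):
        is_glob = pattern.endswith("*")
        hit = path.startswith(pattern[:-1]) if is_glob else pattern == path
        if not hit:
            continue
        key = (not is_glob, len(pattern))  # exact beats glob, longer beats shorter
        if best_key is None or key > best_key:
            best_key, best_caps = key, set(caps)
        elif key == best_key:
            best_caps |= caps  # same pattern repeated: union the grants
    return best_caps

def can_revoke_by_accessor(hcl):
    """True if the policy lets its holder revoke a token by accessor."""
    caps = effective_capabilities(hcl, REVOKE_PATH)
    return "update" in caps and "deny" not in caps

if __name__ == "__main__":
    for name, policy in [("readme", README_POLICY), ("missing", MISSING_POLICY),
                         ("denied", DENIED_POLICY)]:
        print(name, "OK" if can_revoke_by_accessor(policy) else "cannot revoke by accessor")
```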

License: Apache License 2.0


Languages

Java 50.5%, Kotlin 49.5%