Skip to main content
Demo

Injecting HashiCorp Vault Dynamic Secrets into a CircleCI Pipeline

Watch this live stream replay on how to use HashiCorp Vault's Google Cloud Secrets Engine in a CircleCI pipeline.

Speakers

How do we use HashiCorp Vault's Google Cloud Secrets Engine to inject service account keys into a CircleCI pipeline? Watch this replay from the HashiCorp Live stream to learn how to securely inject dynamic secrets into your CircleCI pipeline. Rosemary Wang (Developer Advocate, HashiCorp) and Angel Rivera (Developer Advocate, CircleCI) teach each other about HashiCorp Vault and CircleCI while attempting to configure an example pipeline to use Vault to retrieve dynamically generated Google Cloud service account keys and authenticate to a Kubernetes cluster in Google Kubernetes Engine.

Subscribe to the HashiCorp Live Twitch channel to watch future live streams!

Outline

0:05 — Introduction & Recap of Injecting Static Secrets. See CircleCI Configuration Reference for pipeline configuration attributes.

33:08 — Introduction to Google Cloud Secrets Engine

37:50 — Using the Vault Provider for Terraform to Configure Vault

53:10 — Configuring Vault with Terraform Cloud

1:01:30 — Configuring CircleCI to Retrieve Google Cloud Service Account Keys from Vault

1:06:20 — Configuring Vault Agent Template to Output Service Account Keys

1:25:00 — Demo of Dynamic Service Account Creation in Google Cloud

1:53:10 — Fixing Vault Agent Template to Base-64 Decode Google Cloud Service Account Key

1:56:00 — Successful Authentication to Kubernetes cluster on Google Kubernetes Engine

More resources like this one

4/11/2024FAQ

Introduction to HashiCorp Vault

Vault identity diagram
12/28/2023FAQ

Why should we use identity-based or "identity-first" security as we adopt cloud infrastructure?

3/14/2023Article

5 best practices for secrets management

2/3/2023Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones