Skip to main content
HashiTalks 2025 Learn about unique use cases, homelab setups, and best practices at scale at our 24-hour virtual knowledge sharing event. Register
Presentation

Portable CD pipelines for Nomad with Vault and Dagger

Continuous delivery pipelines for Nomad jobs are a relatively solved problem thanks to how easy it is to operate the Nomad API. A lot of teams that own these kinds of pipelines will find that they can only run their pipeline on the CI platform they were written for, and often times that pipeline will be defined by some platform specific yaml that only a few team members understand. I'll show how anyone can write a CD pipeline for Nomad using Dagger and Vault. With these tools, the CD pipeline can run anywhere, including locally, and it can be written in any language the team is comfortable with. In this demo, I'll write a CD pipeline from scratch in Go. The pipeline will use Vault as it's secret engine to build and push an OCI image and update a Nomad job to run the new image. To demonstrate the portability, this will run locally, in GitHub actions, and in CircleCI without any modification needed between each platform.

Continuous delivery pipelines for Nomad jobs are a relatively solved problem thanks to how easy it is to operate the Nomad API. A lot of teams that own these kinds of pipelines will find that they can only run their pipeline on the CI platform they were written for, and often times that pipeline will be defined by some platform specific yaml that only a few team members understand.

I'll show how anyone can write a CD pipeline for Nomad using Dagger and Vault. With these tools, the CD pipeline can run anywhere, including locally, and it can be written in any language the team is comfortable with.

In this demo, I'll write a CD pipeline from scratch in Go. The pipeline will use Vault as it's secret engine to build and push an OCI image and update a Nomad job to run the new image. To demonstrate the portability, this will run locally, in GitHub actions, and in CircleCI without any modification needed between each platform.

More resources like this one

4/11/2024FAQ

Introduction to HashiCorp Vault

Vault identity diagram
12/28/2023FAQ

Why should we use identity-based or "identity-first" security as we adopt cloud infrastructure?

3/14/2023Article

5 best practices for secrets management

2/3/2023Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones