Skip to content

Take this course to learn how to create fine-grained, least-privilege HashiCorp Vault roles for GitHub Action workflows using GitHub OIDC.

License

Notifications You must be signed in to change notification settings

artis3n/course-vault-github-oidc

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Getting secrets from HashiCorp Vault with GitHub OIDC in Action workflows

Understand the principles behind configuring OIDC authentication from GitHub Action workflows to HashiCorp Vault for least-privilege access to secrets from CI/CD pipelines.

  • Who is this for: Developers, security engineers, and operators of secrets management programs.
  • What you'll learn: How to use GitHub OIDC for fine-grained role access to secrets in HashiCorp Vault.
  • What you'll build: You will create three GitHub Action workflows retrieving secrets from Vault for the following use cases:
    1. Non-production secrets for integration testing within pull requests
    2. Production secrets for deployments of code from the main branch
    3. Segregating access to secrets between jobs in a workflow file with GitHub Environments
  • Prerequisites:
    1. You should have basic proficiency working with HashiCorp Vault. You should understand how Vault roles correspond to HCL policies and how policies grant access to secrets. Completing HashiCorp's Vault Getting Started tutorial is sufficient.
    2. You should also understand the layout of a GitHub Actions workflow file. The GitHub tutorial Continuous Integration provides a good introduction.
  • How long: This course is 4 steps long and takes about 1 hour to complete.

How to start this course

start-course

  1. Make sure you are signed in to GitHub. Right-click Start course and open the link in a new tab.
  2. In the new tab, most of the prompts will automatically fill in for you.
    • For owner, choose your personal account or an organization to host the repository.
    • We recommend creating a public repository — private repositories will use Actions minutes.
  3. After your new repository is created, wait about 20 seconds, then refresh that page. Follow the step-by-step instructions in the new repository's README.

Get help: Post in our discussion board • Something not working? File an issue ticket

© 2022 Ari Kalfus • Code of ConductCC-BY-4.0 License

About

Take this course to learn how to create fine-grained, least-privilege HashiCorp Vault roles for GitHub Action workflows using GitHub OIDC.

Topics

Resources

License

Stars

Watchers

Forks