Azure AD Dynamic Secrets #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Azure AD Dynamic Secrets' | |
| # Docs => https://docs.akeyless.io/docs/azure-ad-dynamic-secrets | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'src/**/*' | |
| - '.github/workflows/dynamic-azure-ad.yml' | |
| jobs: | |
| ############################## | |
| ########## Option 1 ########## | |
| ############################## | |
| # - Uses default behavior | |
| # The response from Akeyless is kept in it's original JSON string. It is then your responsibility to correctly parse it. | |
| fetch_dynamic_secrets: | |
| runs-on: ubuntu-latest | |
| name: AAD dynamic secrets (default) | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Fetch dynamic secret from Akleyless | |
| id: fetch-secrets | |
| uses: ./ | |
| with: | |
| access-id: ${{ secrets.AKEYLESS_ACCESS_ID }} | |
| dynamic-secrets: '{"/DevTools/dvlup-azure":"azure_ad_dynamic_secret"}' | |
| # See other example workflows on how to manually parse each key value => https:/LanceMcCarthy/akeyless-action/blob/main/.github/workflows/dynamic-github.yml#L35-L53 | |
| # For this demo we'll just use jq and export them to custom env vars directly | |
| - name: Export Secrets to Environment using jq | |
| run: | | |
| echo '${{ steps.fetch-secrets.outputs.azure_ad_dynamic_secret }}' | jq -r 'to_entries|map("AKEYLESS_AZURE_AD_\(.key|ascii_upcase)=\(.value|tostring)")|.[]' >> $GITHUB_ENV | |
| - name: Verify exported variables | |
| run: | | |
| echo "id: ${{ env.AKEYLESS_AZURE_AD_ID }}" | |
| echo "msg: ${{ env.AKEYLESS_AZURE_AD_MSG }}" | |
| echo "secret: ${{ env.AKEYLESS_AZURE_AD_SECRET }}" | |
| echo "ttl_in_minutes: ${{ env.AKEYLESS_AZURE_AD_TTL_IN_MINUTES }}" | |
| ############################## | |
| ########## Option 2 ########## | |
| ############################## | |
| # - Uses 'parse-dynamic-secrets: true' | |
| # This will automatically parse the JSON string into individual outputs | |
| auto_parsed_secrets: | |
| runs-on: ubuntu-latest | |
| name: AAD dynamic secrets (parsed) | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Fetch dynamic secret from Akleyless | |
| id: fetch-secrets | |
| uses: ./ | |
| with: | |
| access-id: ${{ secrets.AKEYLESS_ACCESS_ID }} | |
| dynamic-secrets: '{"/DevTools/dvlup-azure":""}' #no prefix, all output fields are dynamically parsed from source | |
| parse-dynamic-secrets: true | |
| - name: Verify Job Outputs (to known field names, pre-parsed) | |
| run: | | |
| echo "ID: ${{ steps.fetch-secrets.outputs.id }}" | |
| echo "MSG: ${{ steps.fetch-secrets.outputs.msg }}" | |
| echo "SECRET: ${{ steps.fetch-secrets.outputs.secret }}" | |
| echo "TTL_IN_MINUTES: ${{ steps.fetch-secrets.outputs.ttl_in_minutes }}" | |
| - name: Verify Environment Variables (to known field names, pre-parsed) | |
| run: | | |
| echo "ID: ${{ env.id }}" | |
| echo "MSG: ${{ env.msg }}" | |
| echo "SECRET: ${{ env.secret }}" | |
| echo "TTL_IN_MINUTES: ${{ env.ttl_in_minutes }}" | |
| ############################## | |
| ########## Option 3 ########## | |
| ############################## | |
| # - Uses 'parse-dynamic-secrets: true' | |
| # - Uses 'AZURE_AD' as a prefix to the output names | |
| # This is the same as Option 2, but with a known prefix to help avoid conflicts with other variable names | |
| auto_parsed_secrets_with_prefix: | |
| runs-on: ubuntu-latest | |
| name: AAD dynamic secrets (prefix-parsed) | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Fetch dynamic secret from Akleyless | |
| id: fetch-secrets | |
| uses: ./ | |
| with: | |
| access-id: ${{ secrets.AKEYLESS_ACCESS_ID }} | |
| dynamic-secrets: '{"/DevTools/dvlup-azure":"AZURE_AD"}' #applies "AZURE_AD_" prefix to dynamically parsed output names | |
| parse-dynamic-secrets: true | |
| - name: Verify Job Outputs (to known field names, pre-parsed with prefix) | |
| run: | | |
| echo "ID: ${{ steps.fetch-secrets.outputs.AZURE_AD_id }}" | |
| echo "MSG: ${{ steps.fetch-secrets.outputs.AZURE_AD_msg }}" | |
| echo "SECRET: ${{ steps.fetch-secrets.outputs.AZURE_AD_secret }}" | |
| echo "TTL_IN_MINUTES: ${{ steps.fetch-secrets.outputs.AZURE_AD_ttl_in_minutes }}" | |
| - name: Verify Environment Variables (to known field names, pre-parsed with prefix) | |
| run: | | |
| echo "ID: ${{ env.AZURE_AD_id }}" | |
| echo "MSG: ${{ env.AZURE_AD_msg }}" | |
| echo "SECRET: ${{ env.AZURE_AD_secret }}" | |
| echo "TTL_IN_MINUTES: ${{ env.AZURE_AD_ttl_in_minutes }}" |