Create dynamic-azure-ad.yml #16
name: 'MSSQL Dynamic Secrets' | |
# Docs => https://docs.akeyless.io/docs/create-dynamic-secret-to-sql-db | |
on: | |
workflow_dispatch: | |
push: | |
branches: ['main'] | |
paths-ignore: | |
- 'README.md' | |
jobs: | |
########## | |
# Option 1 - the default behavior gets the secret as a JSON string, it's the consumer's responsibility to parse it | |
########## | |
sql_dynamic_secrets: | |
runs-on: ubuntu-latest | |
name: SQL dynamic secrets (default) | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Fetch dynamic secret from Akleyless | |
id: fetch-secrets | |
uses: ./ | |
with: | |
access-id: ${{ secrets.AKEYLESS_ACCESS_ID }} | |
dynamic-secrets: '{"/DevTools/az-dvlup-sqlsrvsecret":"my_dynamic_secret"}' | |
- name: Verify Job Outputs using jq | |
run: | | |
echo "Your job output secret is ${{ steps.fetch-secrets.outputs.my_dynamic_secret }}" | |
echo "Manually parsed ID:" | |
echo '${{ steps.fetch-secrets.outputs.my_dynamic_secret }}' | jq '.id' | |
echo "Manually parsed USER:" | |
echo '${{ steps.fetch-secrets.outputs.my_dynamic_secret }}' | jq '.user' | |
echo "Manually parsed TTL_IN_MINUTES:" | |
echo '${{ steps.fetch-secrets.outputs.my_dynamic_secret }}' | jq '.ttl_in_minutes' | |
echo "Manually parsed PASSWORD:" | |
echo '${{ steps.fetch-secrets.outputs.my_dynamic_secret }}' | jq '.password' | |
- name: Verify Environment Variables using jq | |
run: | | |
echo "Your environment secret is ${{ env.my_dynamic_secret }}" | |
echo "Manually parsed ID:" | |
echo '${{ env.my_dynamic_secret }}' | jq '.id' | |
echo "Manually parsed USER:" | |
echo '${{ env.my_dynamic_secret }}' | jq '.user' | |
echo "Manually parsed TTL_IN_MINUTES:" | |
echo '${{ env.my_dynamic_secret }}' | jq '.ttl_in_minutes' | |
echo "Manually parsed PASSWORD:" | |
echo '${{ env.my_dynamic_secret }}' | jq '.password' | |
# Extra 1 & 2 Another way to get the secret values is to use jq and export them to custom env vars directly | |
- name: EXTRA (part 1) - Export Secrets to Environment using jq | |
run: | | |
echo '${{ steps.fetch-secrets.outputs.my_dynamic_secret }}' | jq -r 'to_entries|map("AKEYLESS_\(.key|ascii_upcase)=\(.value|tostring)")|.[]' >> $GITHUB_ENV | |
- name: EXTRA (part 2) - Verify EXTRA 1's Exported Variables | |
run: | | |
echo "AKEYLESS_id = ${{ env.AKEYLESS_id }}" | |
echo "AKEYLESS_user = ${{ env.AKEYLESS_user }}" | |
echo "AKEYLESS_password = ${{ env.AKEYLESS_password }}" | |
echo "AKEYLESS_ttl_in_minutes = ${{ env.AKEYLESS_ttl_in_minutes }}" | |
########## | |
# Option 2 - Use 'parse-dynamic-secrets: true' to automatically parse the JSON string into individual outputs | |
########## | |
sql_dynamic_secrets_parsed: | |
runs-on: ubuntu-latest | |
name: SQL dynamic secrets (parsed) | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Fetch dynamic secret from Akleyless | |
id: fetch-secrets | |
uses: ./ | |
with: | |
access-id: ${{ secrets.AKEYLESS_ACCESS_ID }} | |
dynamic-secrets: '{"/DevTools/az-dvlup-sqlsrvsecret":""}' #no prefix, all output fields are dynamically parsed from source | |
parse-dynamic-secrets: true | |
- name: Verify Job Outputs (to known field names, pre-parsed) | |
run: | | |
echo "ID: ${{ steps.fetch-secrets.outputs.id }}" | |
echo "USER: ${{ steps.fetch-secrets.outputs.user }}" | |
echo "TTL_IN_MINUTES: ${{ steps.fetch-secrets.outputs.ttl_in_minutes }}" | |
echo "PASSWORD: ${{ steps.fetch-secrets.outputs.password }}" | |
- name: Verify Environment Variables (to known field names, pre-parsed) | |
run: | | |
echo "ID: ${{ env.id }}" | |
echo "USER: ${{ env.user }}" | |
echo "TTL_IN_MINUTES: ${{ env.ttl_in_minutes }}" | |
echo "PASSWORD: ${{ env.password }}" | |
########## | |
# Option 3 - This is the same as Option 2, but with a prefix | |
########## | |
sql_dynamic_secrets_prefixed: | |
runs-on: ubuntu-latest | |
name: SQL dynamic secrets (parsed with prefix) | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Fetch dynamic secret from Akleyless | |
id: fetch-secrets | |
uses: ./ | |
with: | |
access-id: ${{ secrets.AKEYLESS_ACCESS_ID }} | |
dynamic-secrets: '{"/DevTools/az-dvlup-sqlsrvsecret":"SQL"}' #applies "SQL_" prefix to dynamically parsed output names | |
parse-dynamic-secrets: true | |
- name: Verify Job Outputs (to known field names, pre-parsed with prefix) | |
run: | | |
echo "ID: ${{ steps.fetch-secrets.outputs.SQL_id }}" | |
echo "USER: ${{ steps.fetch-secrets.outputs.SQL_user }}" | |
echo "TTL_IN_MINUTES: ${{ steps.fetch-secrets.outputs.SQL_ttl_in_minutes }}" | |
echo "PASSWORD: ${{ steps.fetch-secrets.outputs.SQL_password }}" | |
- name: Verify Environment Variables (to known field names, pre-parsed with prefix) | |
run: | | |
echo "ID: ${{ env.SQL_id }}" | |
echo "USER: ${{ env.SQL_user }}" | |
echo "TTL_IN_MINUTES: ${{ env.SQL_ttl_in_minutes }}" | |
echo "PASSWORD: ${{ env.SQL_password }}" |
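Review bot: The dynamic SQL password is written to the job log in clear text: the `jq '.password'` lines in the "Verify Job Outputs using jq" and "Verify Environment Variables using jq" steps, the `echo "PASSWORD: …"` lines in both verify steps of the parsed and prefixed jobs, and `echo "Your job output secret is …"` (which dumps the whole credential JSON) all print it, and unless `./` registers each value with `::add-mask::` (not visible on this page) a live database credential ends up readable by anyone who can view the run. The credential is also spliced into the shell script by `${{ }}` expansion inside single quotes, so a value containing `'` breaks the command; passing it via an `env:` entry and reading `"$SECRET_JSON"` keeps it out of the script text and works the same way for the `>> $GITHUB_ENV` export in "EXTRA (part 1)". The same pattern repeats in all three jobs, so fix it once per verify step. Minor: `actions/checkout@v3` is tag- rather than SHA-pinned, `fetch-depth: 0` is not used by any step here, and the step name `Fetch dynamic secret from Akleyless` misspells Akeyless.
```yaml
- name: Verify Job Outputs using jq
  env:
    SECRET_JSON: ${{ steps.fetch-secrets.outputs.my_dynamic_secret }}
  run: |
    printf '%s' "$SECRET_JSON" | jq '.id'
    printf '%s' "$SECRET_JSON" | jq '.user'
    printf '%s' "$SECRET_JSON" | jq '.ttl_in_minutes'
    # … unchanged: remaining verify steps, with the password echo lines dropped …
```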