New
Travis CI users can now connect HashiCorp Vault with Travis CI. Secrets and configuration can be pulled into a CI job from a HashiCorp Vault instance instead of being stored permanently in Travis CI's native mechanisms. This feature aims to support the security policies of teams that want to maintain easy and full control over secrets via their own Key Management System.
In order to use the feature, a Travis CI user has to:
In your .travis.yml you can now use the following convenience hooks:
vault:
  token:
    secure: "Your encrypted token goes here"
  api_url: https://your-vault-kv2-api.endpoint
  secrets:
    - ns1/project_id/secret_key_a # path to a secret in Vault KV engine
If you use this feature, consider creating a dedicated CI/CD account in HashiCorp Vault with access only to the secrets (credentials) or configuration entries required by the CI/CD pipeline. This helps limit security-related risks.
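A read-only Vault policy for such a dedicated CI/CD account, shown as an added example that is not taken from Travis CI or HashiCorp documentation. It assumes the KV version 2 engine is mounted at `secret/` and that the path from the `secrets:` list above sits directly under that mount; the policy name `travis-ci-read` is hypothetical.

```hcl
# Added example, not Travis CI's or HashiCorp's own policy.
# Assumptions: KV v2 engine mounted at "secret/"; hypothetical policy
# name "travis-ci-read"; the secret path is the one from .travis.yml above.

# Too broad for a CI token: every secret under the mount, with write access.
# Shown commented out for comparison only.
#
#   path "secret/*" {
#     capabilities = ["create", "read", "update", "delete", "list"]
#   }

# Scoped: KV v2 serves secret values under <mount>/data/<path>, so the
# policy names that API path exactly. Add one stanza per entry in the
# `secrets:` list, with no wildcards.
path "secret/data/ns1/project_id/secret_key_a" {
  capabilities = ["read"]
}

# This policy grants no list, create, update or delete capability and no
# other secret path. Vault policies deny by default, so anything not named
# here stays out of reach of the CI job.
```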