Travis CI changelog
Travis CI changelog
travis-ci.com

Hashicorp Vault integration available

 

New

  

Travis CI users now can connect Hashicorp Vault with Travis CI. Secrets/configuration may be pulled into CI job from Hashicorp Vault instance instead of storing these permanently at Travis CI native mechanisms. This feature aims to support security policies of teams, who want to maintain easy and full control over secrets via their own Key Management System.

In order to use the feature, a Travis CI user has to:

In your .travis.yml you can now use following convenience hooks:

vault:
  token: 
    secure: "Your encrypted token goes here"
  api_url: https://your-vault-kv2-api.endpoint
  secrets:
    - ns1/project_id/secret_key_a #path to a secret in Vault KV engine

If using this feature, please consider creating a dedicated CI/CD account in Hashicorp Vault with access only to secrets (credentials) or configuration entries required by the CI/CD pipeline. This will help limit security related risks.


Read more: