Infisical Gitlab CI/CD
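---
# GitLab CI job that pulls secrets from Infisical and hands them to the rest of
# the pipeline as a short-lived .env artifact.
🔐 infisical-get-secret:
  # NOTE(review): no tag or digest is given, so the runner pulls whatever
  # "latest" currently points to. This image receives the machine-identity
  # credentials; pin it to a tag or digest you have reviewed.
  image: taufiq14s/infisical-cli
  # The job runs only on main and staging; the branch selects the Infisical
  # environment the secrets are read from.
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
      variables:
        INFISICAL_ENVIRONMENT: prod
    - if: $CI_COMMIT_BRANCH == "staging"
      variables:
        INFISICAL_ENVIRONMENT: staging
  stage: Build
  script:
    # Resolved through PATH inside the image (presumably shipped with it).
    - infisical.sh
  artifacts:
    # .env holds the exported secrets in plaintext. "access: none" blocks
    # downloads through the GitLab UI and API, and the one-hour expiry limits
    # how long the file is retained. Later jobs that fetch this artifact still
    # get the file, so they must not print or re-publish it.
    access: none
    paths:
      - .env
    expire_in: 1 hour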
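#!/bin/bash
#
# Log in to Infisical with a machine identity (universal auth) and export the
# secrets of one environment/path into ./.env for the rest of the CI job.
#
# Environment List Available
#   INFISICAL_URL                = YOUR_INFISICAL_URL                (required)
#   INFISICAL_PROJECT_ID         = YOUR_INFISICAL_PROJECT_ID         (required)
#   INFISICAL_ENV_PATH           = /PATH/TO/PROJECT-GROUP            (default: /)
#   INFISICAL_ENVIRONMENT        = Dev | Staging | Prod              (default: staging)
#   INFISICAL_CLIENT_ID          = Machine Identity Client ID        (required)
#   INFISICAL_CLIENT_SECRET      = Machine Identity Secret Token     (required)
#   GITLAB_INFISICAL_CLI_VERSION = Infisical CLI Version (only used by the
#                                  commented-out installer below)
#
# The client ID and secret should be stored as masked, protected CI/CD
# variables so they do not appear in job logs or on unprotected branches.

# Exit on any error, on use of an unset variable, and on a failed pipeline stage.
set -euo pipefail

# Files created from here on (.env) are readable by the job user only.
umask 077

# Trap to ensure cleanup happens even if script fails.
# This only clears the variables in this script's own process. When the script
# is run as a command from the CI job, the job's CI/CD variables and the .env
# file on disk are not affected.
cleanup() {
  echo "Clearing Infisical Token and other sensitive variables..."
  unset INFISICAL_URL
  unset INFISICAL_ENV_PATH
  unset INFISICAL_CLIENT_SECRET
  unset INFISICAL_ENVIRONMENT
  unset INFISICAL_TOKEN
  unset INFISICAL_CLIENT_ID
}
trap cleanup EXIT

infisical --version

# Start Infisical Setup (Migrate to taufiq14s/infisical-cli)
# NOTE(review): if this installer is ever re-enabled, it pipes a remote script
# into a root shell; download it, verify it, then run it.
# echo "Install prerequisite"
# apt-get update && apt-get install -y sudo curl gnupg apt-transport-https apt-utils
# echo "Add Infisical Repository"
# curl -1sLf \
# 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' \
# | sudo -E bash
# echo "Install Infisical CLI"
# sudo apt-get update && sudo apt-get install -y infisical=${GITLAB_INFISICAL_CLI_VERSION:-0.31.0}

# Fail early, without echoing any value, when a required input is missing.
: "${INFISICAL_URL:?INFISICAL_URL must be set}"
: "${INFISICAL_PROJECT_ID:?INFISICAL_PROJECT_ID must be set}"
: "${INFISICAL_CLIENT_ID:?INFISICAL_CLIENT_ID must be set}"
: "${INFISICAL_CLIENT_SECRET:?INFISICAL_CLIENT_SECRET must be set}"

echo "Set Infisical Default Variables"
INFISICAL_ENV_PATH=${INFISICAL_ENV_PATH:-"/"}
INFISICAL_ENVIRONMENT=${INFISICAL_ENVIRONMENT:-"staging"}

echo "Logging into Infisical with Machine Identity..."
# NOTE(review): the client secret here and the token below are passed as
# command-line flags, so they are visible in the runner's process list while
# the CLI runs. Check whether the CLI version in the image accepts them from
# the environment instead.
#
# Assign first and export afterwards: "export VAR=$(cmd)" returns the status of
# export, which would hide a failed login from "set -e".
INFISICAL_TOKEN=$(infisical login \
  --domain="${INFISICAL_URL}" \
  --method=universal-auth \
  --client-id="${INFISICAL_CLIENT_ID}" \
  --client-secret="${INFISICAL_CLIENT_SECRET}" \
  --silent --plain)
if [[ -z "${INFISICAL_TOKEN}" ]]; then
  echo "Infisical login returned an empty token." >&2
  exit 1
fi
export INFISICAL_TOKEN

echo "Writing .env file..."
# Remove any pre-existing .env (for example one checked into the repository, or
# a symlink) so the secrets land in a fresh file created under the umask above.
rm -f -- .env
infisical export \
  --token="${INFISICAL_TOKEN}" \
  --env="${INFISICAL_ENVIRONMENT}" \
  --domain="${INFISICAL_URL}" \
  --projectId="${INFISICAL_PROJECT_ID}" \
  --path="${INFISICAL_ENV_PATH}" > .env

# The EXIT trap clears the token and the other sensitive variables; calling
# cleanup here as well would only print its message twice.
echo "Script execution completed successfully."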