Use CircleCI version 2.1 at the top of your .circleci/config.yml file.

```yaml
version: 2.1
```

Add the `orbs` stanza below your version, invoking the orb:

```yaml
orbs:
  sdkms-cli: fortanix/sdkms-cli@1.0.1
```

Use `sdkms-cli` elements in your existing workflows and jobs.

Opt-in to use of uncertified orbs on your organization’s Security settings page.
# What will this example document? # Descriptions should be short, simple, and clear.
```yaml
jobs:
  sdkms-cli:
    executor: sdkms-cli/default
    steps:
      - checkout
      - sdkms-cli/install
orbs:
  sdkms-cli: ffaruqui_sandbox/sdkms-cli@0.0.1
version: 2.1
```
Install SDKMS CLI if needed, authenticate and get a secret value from SDKMS
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
api-endpoint | SDKMS API Endpoint | No | https://sdkms.fortanix.com | string |
api-key | SDKMS API Key | Yes | - | string |
secret-file | If secret value being retrieved is huge, use this parameter to specify the file to store the secret value | Yes | - | string |
secret-name | Name of secret to retrieve. | Yes | - | string |
Install SDKMS CLI if needed, authenticate and store a secret value in SDKMS
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
api-endpoint | SDKMS API Endpoint | No | https://sdkms.fortanix.com | string |
api-key | SDKMS API Key | Yes | - | string |
secret-description | Description of secret | Yes | - | string |
secret-file | If secret value to be stored is huge, use this parameter to specify the file that contains the secret value | Yes | - | string |
secret-name | Name of secret to retrieve. | Yes | - | string |
secret-value | Secret value to store in SDKMS. This value can be plain text value. If the value is a binary data, then value should be passed as base64 encoded | Yes | - | string |
Authenticate to SDKMS
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
api-endpoint | SDKMS API Endpoint | No | https://sdkms.fortanix.com | string |
api-key | SDKMS API Key | Yes | - | string |
Get a secret value from SDKMS
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
api-endpoint | SDKMS API Endpoint | No | https://sdkms.fortanix.com | string |
secret-file | If secret value being retrieved is huge, use this parameter to specify the file to store the secret value | Yes | - | string |
secret-name | Name of secret to retrieve. | Yes | - | string |
Terminate authentication session with SDKMS
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
api-endpoint | SDKMS API Endpoint | No | https://sdkms.fortanix.com | string |
Store a secret in SDKMS
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
api-endpoint | SDKMS API Endpoint | No | https://sdkms.fortanix.com | string |
secret-description | Description of secret | Yes | - | string |
secret-file | If secret value to be stored is huge, use this parameter to specify the file that contains the secret value | Yes | - | string |
secret-name | Name of secret. This will be used to retrieve secret value later | Yes | - | string |
secret-value | Secret value to store in SDKMS. This value can be plain text value. If the value is a binary data, then value should be passed as base64 encoded | Yes | - | string |
The Debian-based Docker container to use when installing SDKMS CLI
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
python-version | - | No | '2.7' | string |
release | - | No | stretch | string |
```yaml
# This code is licensed from CircleCI to the user under the MIT license.
# See here for details: https://circleci.com/developer/orbs/licensing
commands:
  authenticate:
    description: Authenticate to SDKMS
    parameters:
      api-endpoint:
        default: https://sdkms.fortanix.com
        description: SDKMS API Endpoint
        type: string
      api-key:
        description: SDKMS API Key
        type: string
    steps:
      - run:
          # api-key is substituted as text into the command line below.
          command: |
            sdkms-cli --api-endpoint <<parameters.api-endpoint>> app-login\
              --api-key <<parameters.api-key>>
          name: Authenticate as an app to SDKMS
  get-secret:
    description: Get a secret value from SDKMS
    parameters:
      api-endpoint:
        default: https://sdkms.fortanix.com
        description: SDKMS API Endpoint
        type: string
      secret-file:
        description: |
          "If secret value being retrieved is huge, use this parameter to specify \"
          \" the file to store the secret value"
        type: string
      secret-name:
        description: Name of secret to retrieve.
        type: string
    steps:
      - run:
          command: |
            SECRET_VALUE_FILE=/tmp/sdkms_secret_file
            rm -f $SECRET_VALUE_FILE
            sdkms-cli --api-endpoint <<parameters.api-endpoint>> export-object\
              --name <<parameters.secret-name>> >> $SECRET_VALUE_FILE
            if [ "<<parameters.secret-file>>" != "" ]
            then
              cp $SECRET_VALUE_FILE <<parameters.secret-file>>
            else
              # The secret text is written into a shell statement and sourced,
              # so the shell parses it. The export lasts only for this run step.
              rm -f /tmp/export_value
              echo "export SDKMS_SECRET_VALUE=$(cat $SECRET_VALUE_FILE)"\
                >> /tmp/export_value
              source /tmp/export_value
              rm -f /tmp/export_value
            fi
            rm -rf $SECRET_VALUE_FILE
          name: Get a secret value from SDKMS
  install:
    description: Install the SDKMS CLI via pip
    steps:
      - run:
          command: |
            export PIP=$(which pip pip3 | head -1)
            if [[ -n $PIP ]]; then
              if which sudo > /dev/null; then
                sudo $PIP install sdkms-cli --upgrade
              else
                # This installs the SDKMS CLI to ~/.local/bin.
                # Make sure that ~/.local/bin is in your $PATH.
                $PIP install sdkms-cli --upgrade --user
              fi
            else
              echo "Unable to install SDKMS CLI. Please install pip."
              exit 1
            fi
          name: Install SDKMS CLI
  logout:
    description: Terminate authentication session with SDKMS
    parameters:
      api-endpoint:
        default: https://sdkms.fortanix.com
        description: SDKMS API Endpoint
        type: string
    steps:
      - run:
          command: |
            sdkms-cli --api-endpoint <<parameters.api-endpoint>> app-logout
          name: App logout from SDKMS
  store-secret:
    description: Store a secret in SDKMS
    parameters:
      api-endpoint:
        default: https://sdkms.fortanix.com
        description: SDKMS API Endpoint
        type: string
      secret-description:
        description: Description of secret
        type: string
      secret-file:
        description: |
          "If secret value to be stored is huge, use this parameter to specify \"
          \" the file that contains the secret value"
        type: string
      secret-name:
        description: Name of secret." " This will be used to retrieve secret value
          later
        type: string
      secret-value:
        description: |
          "Secret value to store in SDKMS. This value can be plain text value."\
          \" If the value is a binary data, then value should be passed as\"
          \" base64 encoded"
        type: string
    steps:
      - run:
          command: |
            SECRET_VALUE_FILE=/tmp/sdkms_secret_file
            rm -f $SECRET_VALUE_FILE
            if [ "<<parameters.secret-value>>" == "" ]
            then
              # Fixed: the listing tested != "" here, which rejected a supplied
              # secret-file. Fail only when neither parameter is given.
              if [ "<<parameters.secret-file>>" == "" ]
              then
                echo "Either parameter secret-value or secret-file "\
                  "should be specified"
                exit 1
              else
                SECRET_VALUE_FILE="<<parameters.secret-file>>"
              fi
            else
              echo <<parameters.secret-value>> >> $SECRET_VALUE_FILE
            fi
            sdkms-cli --api-endpoint <<parameters.api-endpoint>> import-secret\
              --name <<parameters.secret-name>> \
              --description <<parameters.secret-description>>\
              --in $SECRET_VALUE_FILE
            # When secret-file was used, this removes the caller's file as well.
            rm -rf $SECRET_VALUE_FILE
          name: Store a secret value in SDKMS
description: |
  Install and configure Fortanix SDKMS CLI tool View this orb's source at - https://github.com/fortanix/sdkms-cli-orb
examples:
  example:
    description: |
      # What will this example document? # Descriptions should be short, simple, and clear.
    usage:
      jobs:
        sdkms-cli:
          executor: sdkms-cli/default
          steps:
            - checkout
            - sdkms-cli/install
      orbs:
        sdkms-cli: ffaruqui_sandbox/sdkms-cli@0.0.1
      version: 2.1
executors:
  default:
    description: The Debian-based Docker container to use when installing SDKMS CLI
    docker:
      - image: circleci/python:<<parameters.python-version>>-<<parameters.release>>
    parameters:
      python-version:
        default: "2.7"
        type: string
      release:
        default: stretch
        type: string
jobs:
  get-secret-value:
    description: |
      Install SDKMS CLI if needed, authenticate and get a secret value from SDKMS
    executor: default
    parameters:
      api-endpoint:
        default: https://sdkms.fortanix.com
        description: SDKMS API Endpoint
        type: string
      api-key:
        description: SDKMS API Key
        type: string
      secret-file:
        description: |
          "If secret value being retrieved is huge, use this parameter to specify \"
          \" the file to store the secret value"
        type: string
      secret-name:
        description: Name of secret to retrieve.
        type: string
    steps:
      - install
      - authenticate:
          api-endpoint: <<parameters.api-endpoint>>
          api-key: <<parameters.api-key>>
      - get-secret:
          api-endpoint: <<parameters.api-endpoint>>
          secret-file: <<parameters.secret-file>>
          secret-name: <<parameters.secret-name>>
      - logout:
          api-endpoint: <<parameters.api-endpoint>>
  store-secret-value:
    description: |
      Install SDKMS CLI if needed, authenticate and store a secret value in SDKMS
    executor: default
    parameters:
      api-endpoint:
        default: https://sdkms.fortanix.com
        description: SDKMS API Endpoint
        type: string
      api-key:
        description: SDKMS API Key
        type: string
      secret-description:
        description: Description of secret
        type: string
      secret-file:
        description: |
          "If secret value to be stored is huge, use this parameter to specify \"
          \" the file that contains the secret value"
        type: string
      secret-name:
        description: Name of secret to retrieve.
        type: string
      secret-value:
        description: |
          "Secret value to store in SDKMS. This value can be plain text value."\
          \" If the value is a binary data, then value should be passed as\"
          \" base64 encoded"
        type: string
    steps:
      - install
      - authenticate:
          api-endpoint: <<parameters.api-endpoint>>
          api-key: <<parameters.api-key>>
      - store-secret:
          api-endpoint: <<parameters.api-endpoint>>
          secret-description: <<parameters.secret-description>>
          secret-file: <<parameters.secret-file>>
          secret-name: <<parameters.secret-name>>
          secret-value: <<parameters.secret-value>>
      - logout:
          api-endpoint: <<parameters.api-endpoint>>
version: 2.1
```
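
The `get-secret` command in the source builds an `export` line from the raw secret and sources it, so the shell re-parses the secret text and the variable is gone when the `run` step ends. The following is an added example, not part of the orb's source, that compares that pattern with a single-quoted export appended to an env file that later steps source (in CircleCI that file is `$BASH_ENV`). The function names, temp files and sample secret are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the orb's own code. Function names, temp paths and the
# sample secret are constructed for illustration.

# Quote a string for the shell: wrap it in '...' and turn each ' into '\''.
sh_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# get-secret's pattern: paste the raw secret into an export statement and
# source it. The shell re-parses the secret: spaces split it and $ expands.
unsafe_roundtrip() (
  tmp=$(mktemp)
  echo "export SDKMS_SECRET_VALUE=$(cat "$1")" >> "$tmp"
  . "$tmp" 2>/dev/null || true
  rm -f "$tmp"
  printf '%s' "$SDKMS_SECRET_VALUE"
)

# Hardened variant: never re-parse the secret. Append one single-quoted
# assignment to an env file that later steps source.
persist_secret() (
  umask 077                      # a newly created env file is owner-only
  value=$(cat "$1")
  printf 'export SDKMS_SECRET_VALUE=%s\n' "$(sh_quote "$value")" >> "$2"
)

# Stand-in for a later step: a fresh subshell sources the env file.
later_step_reads() (
  . "$1"
  printf '%s' "$SDKMS_SECRET_VALUE"
)

demo() {
  secret_file=$(mktemp) && env_file=$(mktemp) || return 1
  # Constructed secret containing spaces and a dollar sign.
  printf '%s' 'S3cr3t with spaces and $dollar' > "$secret_file"
  printf 'orb pattern : [%s]\n' "$(unsafe_roundtrip "$secret_file")"
  persist_secret "$secret_file" "$env_file"
  printf 'quoted write: [%s]\n' "$(later_step_reads "$env_file")"
  rm -f "$secret_file" "$env_file"
}
demo
```

`mktemp` is used here instead of the fixed `/tmp/sdkms_secret_file` path so the secret never sits at a predictable, world-guessable filename.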