Writing STDCI secrets file
STDCI uses XDG Base Directory Specifications standard in order to search for the secrets file. The standard defines where different files should be looked for. $XDG_CONFIG_HOME is the place to search for user specific configuration files. On most systems, this variable is unset by default. For this case, the standard defines that if $XDG_CONFIG_HOME is either not set or empty, a default equal to $HOME/.config should be used.
STDCI searches for a file named ci_secrets_file.yaml
under XDG_CONFIG_HOME.
If XDG_CONFIG_HOME is not defined, will look for a file with the same name
under $HOME/.config.
ci_secrets_file.yaml
is a YAML config from the following
form:
---
- name: # Secret name
project: # Optional. Used to filter secrets by project's name
branch: # Optional. Used to filter secrets by project's branch name
# Regex is supported for both project and branch
# If not specified, the secret will be available for all projects/branches
secret_data:
# In this section, we write a key-value pairs of secret data name and
# it's value. It is used to bind several values for one secret.
# For example, username and password.
Example
---
- name: SERVICE_X_CREDENTIALS
project: my_project
branch: master
secret_data:
username: USERNAME_X
password: PASSWORD_X
- name: MY_SSH_KEY
project: oVirt-.*
secret_data:
key: |
# SSH KEY GOES HERE
Note that SERVICE_X_CREDENTIALS will be available to "my_project" only and only for "master" branch. MY_SSH_KEY will be available for all projects that their name starts with "oVirt-".