Writing STDCI secrets file
STDCI uses XDG Base Directory Specifications standard in order to search for the secrets file. The standard defines where different files should be looked for. $XDG_CONFIG_HOME is the place to search for user specific configuration files. On most systems, this variable is unset by default. For this case, the standard defines that if $XDG_CONFIG_HOME is either not set or empty, a default equal to $HOME/.config should be used.
STDCI searches for a file named
ci_secrets_file.yaml under XDG_CONFIG_HOME.
If XDG_CONFIG_HOME is not defined, will look for a file with the same name
ci_secrets_file.yaml is a YAML config from the following
--- - name: # Secret name project: # Optional. Used to filter secrets by project's name branch: # Optional. Used to filter secrets by project's branch name # Regex is supported for both project and branch # If not specified, the secret will be available for all projects/branches secret_data: # In this section, we write a key-value pairs of secret data name and # it's value. It is used to bind several values for one secret. # For example, username and password.
--- - name: SERVICE_X_CREDENTIALS project: my_project branch: master secret_data: username: USERNAME_X password: PASSWORD_X - name: MY_SSH_KEY project: oVirt-.* secret_data: key: | # SSH KEY GOES HERE
Note that SERVICE_X_CREDENTIALS will be available to "my_project" only and only for "master" branch. MY_SSH_KEY will be available for all projects that their name starts with "oVirt-".