Vault

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, auditing, and provides secrets as a service through a unified API.

Object Representation (YAML)

id: String
name: String
type: String
depends: [String]
tags: [String]
condition: Boolean
each: Array
while: String
until: String
verbosity: String
ignore_errors: Boolean
tool_version: String
tool_options: Object
properties:
  suppress_data: Boolean
  credential_id: String
  server_address: String
  agent_address: String
  namespace: String
  credential: String
  secret_engine: String
  role: String
  path: String
  key: String
  kv_secret_version: String
  tls_skip_verify: Boolean
  extra_options: String

Fields

Property Details
id *

String

A unique identifier for the step.

Can contain hyphens and underscores, but not spaces.

name *

String

A friendly name for the step. This name will appear in the pipeline designer and run output.

type *

String

The type of the step. Can be pipeline or a step module type.

depends[]

[String]

A list of dependencies of this step.

This step will not be executed until all steps with ids in this list are finished executing.

tags[]

[String]

Tags are used to group related steps. Steps with the same tag can be retrieved using the findStepsByTag() helper function.

Can contain hyphens and underscores, but not spaces.

condition

Boolean

An expression which is evaluated before the step executes. If it evaluates to false, the step will be skipped. The step.result.status field will be "Skipped".

each

Array

An expression which evaluates to an array. It is evaluated once before the first iteration. There will be one iteration for each element of the array. An empty array ([]) will results in no iterations being executed.

while

String

A boolean expression evaluated before each iteration. When the expression evaluates to false, iteration stops. If false before the first iteration, no iterations will be executed.

until

String

A boolean expression evaluated after each iteration. When the expression evaluates to true, iteration stops. The first iteration will always be excuted with no regard for the value of the expression.

verbosity

String

Step event verbosity. Determines how much information about step execution is sent back to the application.

ignore_errors

Boolean

If true, errors in the step module will not halt pipeline execution, and subsequent steps will still be executed. The step.result.status field will be "Failed" if the step encounters an error.

tool_version

String

The version to use for tool installation.

tool_options

Object

-

properties.suppress_data

Boolean

If true, the secret data will not be available in the pipeline step result.

properties.credential_id

String

The ID of the output credential. This ID can be used in subsequent steps with the credential(id) filter to retrieve the secret data.

properties.server_address *

String

The HTTP address of the vault server.

properties.agent_address

String

The HTTP address of the agent.

properties.namespace

String

The namespace to use for the command.

properties.credential *

String

The credential to use for authenticating with the Vault server. This property supports username/password, API token, and Vault AppRole credential types.

properties.secret_engine *

String

The secret engine to use. One of aws, kv, or cubbhyhole.

properties.role

String

The secret role to retrive, when using the aws secret engine.

properties.path

String

The path to the secret storage.

properties.key

String

The key of the secret to retrieve, when using the kv secret engine.

properties.kv_secret_version

String

The version of the secret to retrieve, when using the kv secret engine.

properties.tls_skip_verify

Boolean

If true, TLS certificate validation errors will be ignored.

properties.extra_options

String

Extra options that will be provided to vault command.

Result Fields

The following are the step execution result fields available at steps.<step id>.result after a step executes.

Key Details
result.status

String

A string indicating the step execution status. Can be Succeeded, Failed, or Skipped.

result.exit_code

Number

Exit code of the vault process.

result.stdout

String

Stdout of the vault process.

result.stderr

String

Stderr of the vault process.

result.data

String

The secret data. The structure of this data depends on the secret engine.