read_secrets:
  image: vault:latest
  script:
    - echo $CI_COMMIT_REF_NAME
    - echo $CI_COMMIT_REF_PROTECTED
    - export VAULT_ADDR=http://vault.bildme.ru
    - export VAULT_TOKEN="$(vault write -field=token auth/jwt/login role=gitlabci-role jwt=$CI_JOB_JWT)"
    - export PASSWORD="$(vault kv get -field=password secret/gitlab/db1)"
    - echo $PASSWORD
  when: manual


## GitLab Premium supports read access to a HashiCorp Vault, and enables you to use Vault secrets in a CI job.
# read_secrets_native:
#   variables:
#     VAULT_ADDR: http://vault.bildme.ru
#     VAULT_AUTH_ROLE: gitlabci-role
#   secrets:
#     PASSWORD:
#       vault: secret/gitlab/db1
#       file: false
#   script:
#     - echo $PASSWORD
#   when: manual