read_secrets:
  image: vault:latest
  script:
    - echo $CI_COMMIT_REF_NAME
    - echo $CI_COMMIT_REF_PROTECTED
    - export VAULT_ADDR=http://vault.bildme.ru
    - export VAULT_TOKEN="$(vault write -field=token auth/jwt/login role=gitlabci-role jwt=$CI_JOB_JWT)"
    - export PASSWORD="$(vault kv get -field=password secret/gitlab/db1)"
    - echo $PASSWORD
  when: manual