Beluga is not currently deployed with an integrated secrets manager. You can use the var_sources block in your pipeline to load values from your own secrets manager (at the time of writing, Concourse supports only Vault in
var_sources). For example:
var_sources: - name: my-vault type: vault config: url: http://myvault.com:8200 auth_backend: approle auth_params: role_id: "xxx-xxx-xxx-xxx-xxx" secret_id: "xxx-xxx-xxx-xxx-xxx" resources: - name: beluga-repo type: git source: uri: https://github.com/EngineerBetter/beluga.git username: some-user password: ((my-vault:git-password))
Before setting a pipeline like the above, configure your Vault by following the Concourse Vault documentation. The above example uses an
approle auth backend that requires a
secret_id, which can be created by following these steps.
The secret in the above example can be created with this command:
vault kv put concourse/<team-name>/git-password value="password123"