Bitbucket
How to sync secrets from Hanzo KMS to Bitbucket
Hanzo KMS lets you sync secrets to Bitbucket at the repository-level and deployment environment-level.
Prerequisites:
- Set up and add environment variables to Hanzo KMS Cloud
Use our Bitbucket Secret Syncs
Configure a Machine Identity for your project and give it permissions to read secrets from your desired Hanzo KMS projects and environments.
Create Bitbucket variables (workspace, repository, or deployment-level) to store the Machine Identity Client ID and Client Secret.

Edit your Bitbucket pipeline YAML file to include the use of the KMS CLI to fetch and inject secrets into any script or command within the pipeline.
Example
```yaml
image: atlassian/default-image:3

pipelines:
  default:
    - step:
        name: Build application with secrets from Hanzo KMS
        script:
          - apt update && apt install -y curl
          - curl -1sLf 'https://artifacts-cli.kms.hanzo.ai/setup.deb.sh' | bash
          - apt-get update && apt-get install -y kms
          - export INFISICAL_TOKEN=$(kms login --method=universal-auth --client-id=$INFISICAL_CLIENT_ID --client-secret=$INFISICAL_CLIENT_SECRET --silent --plain)
          - kms run --projectId=1d0443c1-cd43-4b3a-91a3-9d5f81254a89 --env=dev -- npm run build
```

Set the values of the projectId and env flags in the kms run command to your intended source path. For more options, refer to the CLI command reference here.
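The login line in the example above uses `export INFISICAL_TOKEN=$(kms login ...)`, and the shell reports the exit status of `export` rather than of the login, so a failed login lets the step continue with an empty token. The shell function below is an added example, not part of the Hanzo KMS documentation; the name `kms_login_checked` and the `_kms_*` helper variables are hypothetical, and the `kms login` flags are the ones shown on this page.

```shell
# kms_login_checked: log in with the Machine Identity and export INFISICAL_TOKEN.
# Returns non-zero (so the pipeline step fails) when credentials are missing,
# the login fails, or the CLI prints no token.
kms_login_checked() {
  # Report missing variables by name only; never print their values.
  [ -n "${INFISICAL_CLIENT_ID:-}" ] || { echo "INFISICAL_CLIENT_ID is not set" >&2; return 1; }
  [ -n "${INFISICAL_CLIENT_SECRET:-}" ] || { echo "INFISICAL_CLIENT_SECRET is not set" >&2; return 1; }

  # If command tracing (set -x) is on, pause it so the client secret passed on
  # the command line is not echoed into the build log.
  _kms_xtrace=0
  case $- in *x*) _kms_xtrace=1; set +x ;; esac

  # Assign first, export later: `export VAR=$(cmd)` returns export's status,
  # which hides a failed login. Flags are the ones used in the pipeline above.
  _kms_rc=0
  INFISICAL_TOKEN=$(kms login --method=universal-auth \
      --client-id="$INFISICAL_CLIENT_ID" \
      --client-secret="$INFISICAL_CLIENT_SECRET" \
      --silent --plain) || _kms_rc=$?

  if [ "$_kms_rc" -ne 0 ] || [ -z "$INFISICAL_TOKEN" ]; then
    unset INFISICAL_TOKEN
    echo "kms login failed or returned an empty token (exit $_kms_rc)" >&2
    _kms_rc=1
  else
    export INFISICAL_TOKEN
  fi

  if [ "$_kms_xtrace" -eq 1 ]; then set -x; fi
  return "$_kms_rc"
}
```

To use it, commit the function to a script in the repository (the path is your choice), source it in the step, and call `kms_login_checked` in place of the `export INFISICAL_TOKEN=$(...)` line, before `kms run`.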