diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-10-03 09:09:20 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-10-03 09:09:20 +0300 |
| commit | 9e7d45afd74a71be22c2413f4857d4389e360a42 (patch) | |
| tree | 12474da5eb7b1afae32b83cad24fc19c13a58662 /doc/ci/secrets/convert-to-id-tokens.md | |
| parent | 6577e5711222dc3b4199588a541f738b22380eb6 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/ci/secrets/convert-to-id-tokens.md')
| -rw-r--r-- | doc/ci/secrets/convert-to-id-tokens.md | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/doc/ci/secrets/convert-to-id-tokens.md b/doc/ci/secrets/convert-to-id-tokens.md index d2c9a55da1f..a477b73c107 100644 --- a/doc/ci/secrets/convert-to-id-tokens.md +++ b/doc/ci/secrets/convert-to-id-tokens.md @@ -9,18 +9,13 @@ type: tutorial This tutorial demonstrates how to convert your existing CI/CD secrets configuration to use [ID Tokens](../secrets/id_token_authentication.md). -The `CI_JOB_JWT` variables are deprecated, but updating to ID tokens requires some important configuration changes to work with Vault. If you have more than a handful of jobs, converting everything at once is a daunting task. +The `CI_JOB_JWT` variables are deprecated, but updating to ID tokens requires some +important configuration changes to work with Vault. If you have more than a handful of jobs, +converting everything at once is a daunting task. -From GitLab 15.9 to 15.11, [enable the automatic ID token authentication](../secrets/id_token_authentication.md#enable-automatic-id-token-authentication-deprecated) -setting to enable ID Tokens and disable `CI_JOB_JWT` tokens. - -In GitLab 16.0 and later you can use ID tokens without any settings changes. -Jobs that use `secrets:vault` automatically do not have `CI_JOB_JWT` tokens available, -Jobs that don't use `secrets:vault` can still use `CI_JOB_JWT` tokens. - -This tutorial will focus on v16 onward, if you are running a slightly older version you will need to toggle the `Limit JSON Web Token (JWT) access` setting as appropriate. - -There isn't one standard method to migrate to [ID tokens](../secrets/id_token_authentication.md), so this tutorial includes two variations for how to convert your existing CI/CD secrets. Choose the method that is most appropriate for your use case: +There isn't one standard method to migrate to [ID tokens](../secrets/id_token_authentication.md), so this tutorial +includes two variations for how to convert your existing CI/CD secrets. Choose the method that is most appropriate for +your use case: 1. Update your Vault configuration: - Method A: Migrate JWT roles to the new Vault auth method @@ -37,7 +32,7 @@ This tutorial assumes you are familiar with GitLab CI/CD and Vault. To follow along, you must have: -- An instance running GitLab 15.9 or later, or be on GitLab.com. +- An instance running GitLab 16.0 or later, or be on GitLab.com. - A Vault server that you are already using. - CI/CD jobs retrieving secrets from Vault with `CI_JOB_JWT`. |