LastPass

To use LastPass with Concourse CI, use a wrapper around fly, reconfigure-pipeline

This utility fetches LastPass credentials at reconfigure time and splices them into pipeline YAML.

Prerequisites

  • LastPass CLI
  • Install reconfigure-pipeline: go get -u github.com/pivotal-cf/reconfigure-pipeline
  • Create the following LastPass not and name it ci.secret
repo_key: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAQEA1WpXPIJo1J5Z3rHCOxiSdWAY+tuxaUybIo0DaU6AVeRRTydGbUmV
...
F6a2m0OEAR+ub4kAAAAQb296aWVAT296aWVzLUFpcgECAw==
-----END OPENSSH PRIVATE KEY-----

Sample Pipeline using a repo key from LastPass

resources:
- name: code-repo
type: git
source:
branch: main
private_key: ((ci.secret/Notes/repo_key))
uri: git@github.com:mycompany/dockerfiles.git
jobs:
- name: job
public: true
plan:
- task: simple-task
config:
platform: linux
image_resource:
type: registry-image
source: { repository: busybox }
run:
path: echo
args: ["Hello world!"]

Setting the Pipeline

$ lpass login oozie@trullla.com
...
$ reconfigure-pipeline -t ci set-pipeline -p lastpass -c lastpass.yml