Cannot source vault secrets using the built-in method in gitlab-ci

I can use the JWT auth method and obtain a token:

export VAULT_TOKEN=\
$(vault write -field=token auth/jwt/login role=$my_role_name jwt=$CI_JOB_JWT)

I can also source variables with vault kv get after performing the above. However, I can't use GitLab's built-in method as described here: https://docs.gitlab.com/ee/ci/secrets/index.html#use-vault-secrets-in-a-ci-job

test:
  stage: validate
  secrets:
    TESTSECRET:
      vault: gitlab-ci/TEST_SEC/value@$SECRET_MOUNT
  script:
    - echo $TESTSECRET

No errors returned, but the secret does not get sourced.

In CI variables I have:

  VAULT_SERVER_URL: "http://myvaultserver.myvaultdomain.net:8200"
  VAULT_AUTH_ROLE: "my_role_name"

I'm not sure whether gitlab-ci requires any more config in order to make this built-in method work, as the vault CLI method (within the CI job) works with no issues.



Solution 1:[1]

Did you try using the secret mount name directly in the vault keyword instead of reading it from the variable $SECRET_MOUNT?
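
The suggestion above written out as job configuration, as an added example that is not part of the original answer. The mount name my-kv-mount is a placeholder (the question only gives it as $SECRET_MOUNT), and the KV version 2 engine in the long form is an assumption.

```yaml
# Added example, not from the original post.
# "my-kv-mount" is a placeholder for the literal mount name.

# Short form: <secret path>/<field>@<mount>
test:
  stage: validate
  secrets:
    TESTSECRET:
      vault: gitlab-ci/TEST_SEC/value@my-kv-mount
      # By default GitLab passes the secret as a file-type variable, so
      # $TESTSECRET holds the path of a file containing the value.
      # file: false puts the value itself in the variable.
      file: false
  script:
    # Confirm the secret arrived without printing it to the job log.
    - test -n "$TESTSECRET"

# Long form of the same lookup, with engine, mount, path and field
# spelled out separately.
test_long_form:
  stage: validate
  secrets:
    TESTSECRET:
      vault:
        engine:
          name: kv-v2          # assumption: KV version 2 secrets engine
          path: my-kv-mount    # placeholder mount name
        path: gitlab-ci/TEST_SEC
        field: value
      file: false
  script:
    - test -n "$TESTSECRET"
```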

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Tyler2P