
This page describes how to use the Aembit Edge GitLab CI/CD Component in GitLab Jobs.

The Aembit Edge GitLab CI/CD Component is a pre-built component that you can use in your GitLab pipeline configuration file to retrieve credentials from your Aembit Tenant. It simplifies the process of integrating Aembit Edge with GitLab Jobs by providing a ready-to-use component that handles the authentication and credential retrieval process.

To configure your Aembit Tenant to support GitLab Jobs using the Aembit Edge GitLab CI/CD Component as a Client Workload:

  1. Configure your Client Workload to identify the Aembit Edge GitLab CI/CD Component runtime environment with one or more of the following Client Workload Identifiers:

  2. Configure your Trust Provider type to Gitlab Job ID Token to identify and attest the CI/CD component runtime environment.

    Make sure to copy the Edge SDK Client ID and any aud values for configuration of the GitLab CI/CD component input variables, client-id and aud.

  3. Configure your Credential Provider to specify the credential values which you want to be available in the CI runtime environment.

    You can use any Credential Provider type. Some may require specifying the credential_names GitLab CI/CD component input variable.

  4. Configure your Server Workload to specify the service endpoint host and port which you want to use in the CI runtime environment.

    You can use any Server Workload type. The server-workload-host and server-workload-port variables must match the values you specify in the Server Workload configuration.

  5. Configure your Access Policy and then click Save & Activate.

Using the Aembit Edge GitLab CI/CD component

When you have configured your Aembit Tenant to support GitLab Jobs, you can use the Aembit Edge GitLab CI/CD component in your GitLab pipeline configuration file.

You must provide the following required GitLab CI/CD component input variables:

  • client-id - This is the Edge SDK Client ID from your configured Aembit GitLab Trust Provider.
  • aud - This is the aud field from your configured Aembit GitLab Trust Provider.
  • server-workload-host - This is the server hostname or IP address from your Aembit Server Workload.
  • server-workload-port - This is the server port number from your Aembit Server Workload.
  1. To use the component, specify the <component-version> you want to use in the include section of your GitLab pipeline configuration file.

    GitLab pipeline config
    ...
    include:
      - component: $CI_SERVER_FQDN/aembit/aembit-edge/aembit-get-credentials@<component-version>
        inputs:
          # `client-id` = Edge SDK Client ID from your Aembit Trust Provider
          client-id: "aembit:useast2:abc123:identity:gitlab_idtoken:0c43ca60-f63f-43be-9801-5a51816fef9b"
          # `aud` = Audience value from your Aembit Trust Provider
          aud: "https://abc123.id.useast2.aembit.io"
          server-workload-host: example.com
          server-workload-port: 443
    ...
  2. Use the credentials (for example, $TOKEN, the default credential output name) that your component provides in your GitLab jobs.

    ...
    my-job:
      script: |
        curl --header "Authorization: Bearer $TOKEN" https://example.com
    ...
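
A hardened form of the job script in step 2, as an added example that is not part of Aembit's documentation or component. It assumes the credential arrives in `$TOKEN` (the default output name) and uses the hypothetical helper names `bearer_config` and `call_server_workload`; it fails the job when the token is missing or malformed and hands the header to curl on stdin instead of on the command line.

```shell
#!/bin/sh
# Added example (not Aembit's code). Assumes the component exported the
# credential as $TOKEN and the Server Workload is https://example.com,
# as in the sample job above. Function names are hypothetical.

# Print a curl config line carrying the bearer token.
# Returns 1 if TOKEN is empty/unset, 2 if it has unexpected characters.
bearer_config() {
  tok=${TOKEN:-}
  # Fail closed: an empty token means no credential was delivered to the job.
  if [ -z "$tok" ]; then
    echo "TOKEN is empty or unset" >&2
    return 1
  fi
  # Allow only the RFC 6750 bearer-token character set. This rejects quotes,
  # whitespace and newlines, so the value cannot break out of the quoted
  # config string or smuggle in an extra header line.
  case $tok in
    *[!A-Za-z0-9._~+/=-]*)
      echo "TOKEN contains unexpected characters" >&2
      return 2
      ;;
  esac
  printf 'header = "Authorization: Bearer %s"\n' "$tok"
}

# Call the Server Workload with the header read from stdin (curl --config -),
# so the token is not in curl's argv, which other processes on the runner
# host may be able to read. Keep `set -x` off around this call: tracing
# would write the expanded token into the job log.
call_server_workload() {
  url=$1
  bearer_config >/dev/null || return $?
  bearer_config | curl --fail --silent --show-error --config - "$url"
}

# In the job's script section: call_server_workload "https://example.com"
```

`--fail` makes curl exit non-zero on an HTTP error status, so a rejected credential fails the job instead of passing silently.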

Please review the input variables for the Aembit Edge GitLab CI/CD component in the GitLab CI/CD catalog entry.

The Readme tab provides a full listing, with the input types, descriptions and default values.