

CI/CD with NHI and Vault-Managed Secrets for RDS Backup

Darren Harlow, Senior Solutions Engineer at StrongDM, shows us how to use CI/CD with Non-human Interaction (NHI) using GitLab and API masked secrets retrieved from a vault for an RDS backup.

Transcript

Darren Harlow: StrongDM is demonstrating a CI/CD use case using non-human interaction with service accounts.


With GitLab, start out, we're logged into the control plane.


Notice. We've created the service account with the appropriate tokens.


We have a setup where we have the variables stored in GitLab using masking, which is a common practice, combined with our project right here that we have.


That's up to date.


With all the changes and everything logged, we've created a pipeline that we're gonna execute a job now.


So we're gonna start the actual job right here, and we're gonna do the backup for an Azure database that we have going.


This is now running. Go to our jobs.


You can see it's running. We'll allow it to finish.


It'll take just a couple of minutes, and it finished in 51 seconds.


We sped this up just so you didn't have to watch all of that.


We can now go look at all the commands that were run as part of the job, and you'll see that it created a backup of a Pagila database.


We have the artifacts; it saved as a zip file.


We could download those.


So it used the service account with the token to authenticate to the resource.


Right here. We can see it's connected to the Postgres database, and then it did a complete backup, which we instructed it to do.


Again, all without us having to touch it or do anything else.


We authorized it.


The service token was only allowed to get to the SSH Gateway and to the Postgres database.


So this limits the amount of destruction that can take place even using a service account.


Hope this helps.
