CI/CD Integrations

Secure your deployment pipelines with dynamic secret injection and credential management.

Supported Platforms

GitHub Actions

Native action for secret injection

GitLab CI

CI/CD variable integration

CircleCI

Context and environment vars

Jenkins

Pipeline plugin integration

Azure DevOps

Service connection support

Bitbucket

Pipeline variables

Key Features

Dynamic Secrets

Secrets are fetched at runtime, never stored in CI config or logs.

Auto Rotation

Credentials rotate automatically without pipeline changes.

Audit Trail

Every secret access is logged with pipeline context.

GitHub Actions

Use the official VeraID action to inject secrets into your workflows:

github-actions.yml
name: Deploy
on: [push]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Get secrets from VeraID
        uses: veraid/secrets-action@v1
        with:
          api-key: ${{ secrets.VERAID_API_KEY }}
          identity-id: ${{ secrets.VERAID_IDENTITY_ID }}
          secrets: |
            AWS_ACCESS_KEY_ID=aws-access-key
            AWS_SECRET_ACCESS_KEY=aws-secret-key
            DATABASE_URL=production-db-url

      - name: Deploy to AWS
        run: |
          aws s3 sync ./dist s3://my-bucket
        env:
          AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}

GitLab CI

.gitlab-ci.yml
stages:
  - deploy

deploy:
  stage: deploy
  image: veraid/ci-helper:latest
  before_script:
    - eval "$(veraid secrets export --format=shell)"
  script:
    - echo "Deploying with secrets from VeraID"
    - aws s3 sync ./dist s3://my-bucket
  variables:
    VERAID_API_KEY: $VERAID_API_KEY
    VERAID_IDENTITY_ID: $VERAID_IDENTITY_ID
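
The `eval` step in the `before_script` above runs the export output as shell code. As an added example (not VeraID's own code), this function loads that kind of output as data instead. It assumes the export is available as plain `NAME=value` lines, which this page does not specify, and `load_secrets` is a hypothetical helper name.

```shell
# Added example: load NAME=value lines into the environment without eval.
# Assumption: one pair per line, optionally prefixed with "export ";
# values are taken literally (quotes are not interpreted).
load_secrets() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Skip blank lines and comments.
        case $line in ''|'#'*) continue ;; esac
        line=${line#export }
        # Reject lines that are not NAME=value at all.
        case $line in *=*) ;; *) rc=1; continue ;; esac
        name=${line%%=*}
        value=${line#*=}
        # The name must be a plain shell identifier.
        case $name in
            ''|[0-9]*|*[!A-Za-z0-9_]*) rc=1; continue ;;
        esac
        # Refuse names that change how later commands are found or loaded
        # (illustrative list, extend it for your runners).
        case $name in
            PATH|IFS|ENV|BASH_ENV|LD_*) rc=1; continue ;;
        esac
        # export stores the value as data; it is never parsed as shell code.
        export "$name=$value"
    done
    unset line name value
    return "$rc"
}

# Usage in a job (a here-document keeps the exports in the current shell;
# a pipe would run the function in a subshell and lose them):
#   load_secrets <<EOF
#   $(veraid secrets export --format=shell)
#   EOF
```

A non-zero return means at least one line was rejected, so the job can fail instead of deploying with a partial environment.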

CircleCI

.circleci/config.yml
version: 2.1

orbs:
  veraid: veraid/secrets@1.0

jobs:
  deploy:
    docker:
      - image: cimg/node:18.0
    steps:
      - checkout
      - veraid/fetch-secrets:
          secrets: |
            AWS_ACCESS_KEY_ID:aws-access-key
            DATABASE_URL:production-db-url
      - run:
          name: Deploy
          command: npm run deploy

workflows:
  main:
    jobs:
      - deploy

Best Practice: Use Identity-Specific Tokens

Create a dedicated CI/CD identity for each pipeline. This enables granular access control and makes it easy to rotate credentials or revoke access for specific pipelines.