Skip to content

Latest commit

 

History

History
55 lines (39 loc) · 2.6 KB

upload-secret-manager.asciidoc

File metadata and controls

55 lines (39 loc) · 2.6 KB

Upload files or variables as secrets in Google Cloud Secret Manager

In this section we will create secrets in Secret Manager that will be made available in the pipelines that need them, either as files or as environment variables.

To make this happen, in addition to creating an entry in Secret Manager, it is required to create/update a configuration file in the project repository containing the information about the secrets and their scope pipeline-wise. This process will follow the project workflow, so a new branch named feature/add-secret will be created and the required changes will be pushed to it.

Then, the new branch will be merged into the appropriate branch (provided in -b flag).

The script located at scripts/pipelines/gcloud/add-secret.sh will assist you in this process.

Prerequisites

This script will commit and push the corresponding shell script and configuration file into your repository, so please be sure your local repository is up-to-date (i.e you have pulled latest changes with git pull).

Uploading secrets using provided script

Usage

add-secret.sh \
  -d <local directory> \
  -f <local file path> \
  [-r <remote file path>] \
  [-n <secret name>] \
  -v <value> \
  -b <target branch> \
  [-p <pipelines list>]

Flags

-d, --local-directory       [Required] Local directory of your project."
-f, --local-file-path       [Required, unless -v] Local path of the file to be uploaded. Takes precedence over -v.
-r, --remote-file-path      [Required, if -f] File path (in pipeline context) where the secret will be downloaded.
-n, --secret-name           [Required, if -v] Name for the secret in Secret Manager. If not specified (when optional), file name is used as default. The name must comply with the regex [a-zA-Z0-9_].
-v, --value                 [Required, unless -f] Value of the secret.
-b, --target-branch         [Required] Name of the branch to which the merge will target.
-p, --pipelines                        List of pipelines where the secret will be made available. By default, all pipelines.
Note
If -n flag is not provided and the file name of -f is not compliant with the regex, it will be modified to be so.

Examples

Adding a secret file

./add-secret.sh -d C:/Users/$USERNAME/Desktop/project -f ../path/to/secretFile.txt -r .pipelines/config/secretFile.txt -n secretFile -b develop -p "build-pipeline,test-pipeline"

Adding secret variable

./add-secret.sh -d C:/Users/$USERNAME/Desktop/project/ -n secretVar -v secretValue -b develop -p "build-pipeline,test-pipeline"