GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → binxio → gcp-get-secret

binxio / gcp-get-secret

Licence: Apache-2.0 license
A simple command line utility to get secrets from the Google Secret Manager into your environment

Programming Languages

go
31211 projects - #10 most used programming language
shell
77523 projects
Makefile
30231 projects
Dockerfile
14818 projects
PHP
23972 projects - #3 most used programming language

Labels

gcpsecretsgoogle-cloud-platformsecretmanager

Projects that are alternatives of or similar to gcp-get-secret

Secrets Store Csi Driver Provider Gcp
Google Secret Manager provider for the Secret Store CSI Driver.
Stars: ✭ 40 (+14.29%)
Mutual labels:  gcp, secrets, google-cloud-platform
course-material
Course Material for in28minutes courses on Java, Spring Boot, DevOps, AWS, Google Cloud, and Azure.
Stars: ✭ 544 (+1454.29%)
Mutual labels:  gcp, google-cloud-platform
deploy-cloudrun
This action deploys your container image to Cloud Run.
Stars: ✭ 238 (+580%)
Mutual labels:  gcp, google-cloud-platform
blockchain-etl-streaming
Streaming Ethereum and Bitcoin blockchain data to Google Pub/Sub or Postgres in Kubernetes
Stars: ✭ 57 (+62.86%)
Mutual labels:  gcp, google-cloud-platform
augle
Auth + Google = Augle
Stars: ✭ 22 (-37.14%)
Mutual labels:  gcp, google-cloud-platform
awesome-bigquery-views
Useful SQL queries for Blockchain ETL datasets in BigQuery.
Stars: ✭ 325 (+828.57%)
Mutual labels:  gcp, google-cloud-platform
drf-angular-docker-tutorial
Dockerized Django Back-end API using DRF with Angular Front-end Tutorial
Stars: ✭ 53 (+51.43%)
Mutual labels:  gcp, google-cloud-platform
deploy-appengine
A GitHub Action that deploys source code to Google App Engine.
Stars: ✭ 184 (+425.71%)
Mutual labels:  gcp, google-cloud-platform
zorya
Google Cloud Instance Scheduler helping to reduce costs by 60% on average for non-production environments.
Stars: ✭ 127 (+262.86%)
Mutual labels:  gcp, google-cloud-platform
iris3
An upgraded and improved version of the Iris automatic GCP-labeling project
Stars: ✭ 38 (+8.57%)
Mutual labels:  gcp, google-cloud-platform
kane
Google Pub/Sub client for Elixir
Stars: ✭ 92 (+162.86%)
Mutual labels:  gcp, google-cloud-platform
gisjogja
GISJOGJA - aplikasi web based sistem informasi geografis (SIG) / GIS wisata kota JOGJA - www.firstplato.com
Stars: ✭ 17 (-51.43%)
Mutual labels:  gcp, google-cloud-platform
cloud-speech-and-vision-demos
A set of demo applications that make use of google speech, nlp and vision apis based in angular2
Stars: ✭ 35 (+0%)
Mutual labels:  gcp, google-cloud-platform
k8s-digester
Add digests to container and init container images in Kubernetes pod and pod template specs. Use either as a mutating admission webhook, or as a client-side KRM function with kpt or kustomize.
Stars: ✭ 65 (+85.71%)
Mutual labels:  gcp, google-cloud-platform
gcp auth
Minimal authentication library for Google Cloud Platform (GCP)
Stars: ✭ 42 (+20%)
Mutual labels:  gcp, google-cloud-platform
GoogleCloudLogging
Swift (Darwin) library for logging application events in Google Cloud.
Stars: ✭ 24 (-31.43%)
Mutual labels:  gcp, google-cloud-platform
argon
Campaign Manager 360 and Display & Video 360 Reports to BigQuery connector
Stars: ✭ 31 (-11.43%)
Mutual labels:  gcp, google-cloud-platform
GCP
All files containing commands which can be used to complete GCP quests and challenge labs
Stars: ✭ 46 (+31.43%)
Mutual labels:  gcp, google-cloud-platform
auth
A GitHub Action for authenticating to Google Cloud.
Stars: ✭ 567 (+1520%)
Mutual labels:  gcp, google-cloud-platform
vertex-edge
A tool for training models to Vertex on Google Cloud Platform.
Stars: ✭ 24 (-31.43%)
Mutual labels:  gcp, google-cloud-platform
View All Similar Projects ➔

gcp-get-secret

The simple utility can be used the configure the environment of an application with values from the Google Secret Manager

How does it work?

It is simple. Specify one or more environment variables with a URI of the gcp: protocol, as follows:

export MYSQL_PASSWORD=gcp:///mysql_root_password'
gcp-get-secret bash -c 'echo $MYSQL_PASSWORD'

the utility will lookup the value of mysql_root_password in the secret manager of the current project and replace the environment variable. The program on the command line will be exec'ed with MYSQL_PASSWORD set to the actual value.

secret names

The required secret can be specified in the following formats:

  • <name>
  • <name>/<version>
  • <project>/<name>
  • <project>/<name>/<version>
  • projects/<project>/secrets/<name>/versions/<version>

Query parameters

The utility supports the following query parameters:

  • default - value if the value could not be retrieved from the secret manager.
  • destination - the filename to write the value to. value replaced with file: url.
  • chmod - file permissions of the destination, left to default if not specified. recommended 0600.
  • template - the template to use for writing the value, defaults to '{{.}}'

If no default nor destination is specified and the secret is not found, the utility will return an error. If a default is specified and the secret is not found, the utility will use the default. If a destination file exists and no default is specified, the file will be read as the default value.

For example:

$ export ORACLE_PASSWORD=gcp://oracle_scott_password?default=tiger&destination=/tmp/password
$ gcp-get-secret bash -c 'echo $ORACLE_PASSWORD'
/tmp/password
$ cat /tmp/password
tiger

template formatting

To format the secret, you can use the template query parameter. For example:

$ export PGPASSFILE=gcp://postgres_kong_password?template='localhost:5432:kong:kong:{{.}}%0A&destination=$HOME/.pgpass'
$ gcp-get-secret bash -c 'cat $PGPASSFILE'
localhost:5432:kong:kong:@CypJqmqZ@TYQ2GDnUD@MQGuKyhrl!

Environment substitution

The URI may contain an environment variable reference. For example:

$ export ENV=dev
$ export 'PASSWORD=gcp:///${ENV}_mysql_root_password'
gcp-get-secret bash -c 'echo $PASSWORD'

will print out the value of dev_mysql_root_password.

Dockerfile usage

To idiomatic way to use the utility is as follows:

FROM binxio/gcp-get-secret

FROM alpine:3.6
COPY --from=0 /gcp-get-secret /usr/local/bin/

ENV PGPASSWORD=gcp:///postgres_root_password
ENTRYPOINT [ "/usr/local/bin/gcp-get-secret"]
CMD [ "/bin/bash", "-c", "echo $PGPASSWORD"]

installation

If you have golang installed, type:

go get github.com/binxio/gcp-get-secret

installation in Docker

With Docker you can use the multi-stage build:

FROM binxio/gcp-get-secret

FROM alpine:3.6
COPY --from=0 /gcp-get-secret /usr/local/bin/
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].