Reputation: 7396
I've noticed that the developer console doesn't seem to expose anywhere where I can configure static environment variables.
Is the expectation on GAE that I will bundle those variables as part of the deployment from my build server? If so, is there any documentation on GAE/Google Cloud that covers why or details the philosophy?
Upvotes: 11
Views: 11169
Reputation: 5294
Also solved this using the secrets manager.
Here is what the partial Django code looks like. Make sure you add permissions for the GAE service account to access it.
Resources for django
https://cloud.google.com/python/django/appengine#understanding-secrets
https://cloud.google.com/python/django/appengine#store-secret-values-in-secret-manager
https://github.com/GoogleCloudPlatform/python-docs-samples/blob/HEAD/appengine/standard_python3/django/mysite/settings.py
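# settings.py
import io
import os

import environ  # assumed: django-environ, as in the linked sample settings.py

env = environ.Env()

if "GOOGLE_CLOUD_PROJECT" in os.environ:
    # Running on Google Cloud: pull the settings payload from Secret Manager.
    from google.cloud import secretmanager
    project_id = os.environ.get("GOOGLE_CLOUD_PROJECT")
    client = secretmanager.SecretManagerServiceClient()
    settings_name = os.environ.get("SETTINGS_NAME", "adt_portal_django_settings")
    name = f"projects/{project_id}/secrets/{settings_name}/versions/latest"
    payload = client.access_secret_version(name=name).payload.data.decode("UTF-8")
    # The payload is .env-formatted text; load it into the process environment.
    env.read_env(io.StringIO(payload))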
Upvotes: 0
Reputation: 15587
One solution is apparently https://cloud.google.com/secret-manager/docs, but I opted for the solution offered here:
Securely storing environment variables in GAE with app.yaml
First, put the environment variables in an env_variables.yaml, e.g.,
env_variables:
  SECRET: 'my_secret'
Then, include this env_variables.yaml in the app.yaml
includes:
- env_variables.yaml
Finally, add the env_variables.yaml to .gitignore, so that the secret variables won't exist in the repository.
Further,
process.env
so I have a single source of truth for those vars…
if (process.env.NODE_ENV === "development") {
  try {
    const fs = require("fs");
    const yaml = require("js-yaml");
    let fileContents = fs.readFileSync("./env_variables.yaml", "utf8");
    let {env_variables} = yaml.load(fileContents);
    // Note: this prints the secret values to the local development console.
    console.log({ env_variables });
    // Copy every key from env_variables.yaml into process.env.
    Object.keys(env_variables).forEach((v) => {
      process.env[v] = env_variables[v];
    });
  } catch (error) {
    // `res` is assumed to be the response object of an enclosing request handler.
    res.status(500).end("500: Problem getting env vars");
    return;
  }
}
I'm adding my solution here as the quoted question specifies python, and this question is generic.
As with other PaaS solutions (e.g. Heroku, Netlify), if a user has access to the App Engine console, they can see the secrets (in this case by browsing the source files in the console).
Upvotes: 4
Reputation: 1101
Years have passed, and still it doesn't.
My workaround is to compile app.yaml during the deployment process (locally or with CI). For example, I have a template file, app.tml.yaml:
runtime: python37
handlers:
- url: /static
  static_dir: app/static/
- url: /.*
  script: auto
env_variables:
  DJANGO_GC_DATABASE_PASSWORD: ${DJANGO_GC_DATABASE_PASSWORD}
Then I call envsubst right before deployment
envsubst < ./app.tml.yaml > app.yaml
and after that gcloud app deploy
as usual. After the deployment is done, the app.yaml with sensitive data is deleted. Variables are read from a local .env file or are set in the CI system.
There are also other approaches I found listed in this post: https://dev.to/mungell/google-cloud-app-engine-environment-variables-5990 but for me they are not convenient or generic enough.
Upvotes: 14
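The templating step from the answer above, as an added Python example that is not part of the original post: it stands in for envsubst, and unlike envsubst it refuses unset or empty variables, quotes each value so it stays a single YAML string, writes the file owner-only, and deletes it even when the deploy step fails. The names `render` and `rendered_app_yaml`, the sample template and the sample password are constructed for illustration.

```python
import json
import os
import string
import tempfile
from contextlib import contextmanager

# Constructed template, modelled on the env_variables part of app.tml.yaml.
SAMPLE_TEMPLATE = """\
runtime: python37
env_variables:
  DJANGO_GC_DATABASE_PASSWORD: ${DJANGO_GC_DATABASE_PASSWORD}
"""


def render(template, env):
    """Fill ${VAR} placeholders; refuse unset/empty values, quote the rest."""
    names = set()
    for m in string.Template.pattern.finditer(template):
        name = m.group("named") or m.group("braced")
        if name:
            names.add(name)
    missing = sorted(n for n in names if not env.get(n))
    if missing:  # envsubst would silently write an empty string here
        raise KeyError("unset or empty: " + ", ".join(missing))
    # json.dumps yields a double-quoted scalar that YAML accepts, so a value
    # containing '#', ':' or a newline cannot change the file's structure.
    quoted = {n: json.dumps(env[n]) for n in names}
    return string.Template(template).safe_substitute(quoted)


@contextmanager
def rendered_app_yaml(template, env, path="app.yaml"):
    """Write the rendered file with mode 0600 and delete it on exit."""
    text = render(template, env)  # fails before anything touches disk
    # O_EXCL: refuse to reuse a stale or pre-planted file at this path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        yield path
    finally:
        os.remove(path)  # runs even if the deploy step raises


if __name__ == "__main__":
    demo_env = {"DJANGO_GC_DATABASE_PASSWORD": "p@ss: #1"}  # constructed value
    target = os.path.join(tempfile.mkdtemp(), "app.yaml")
    with rendered_app_yaml(SAMPLE_TEMPLATE, demo_env, target) as path:
        # Real use: subprocess.run(["gcloud", "app", "deploy", path], check=True)
        print(open(path).read())
```

In a real pipeline, pass `os.environ` as `env` and the contents of app.tml.yaml as `template`.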
Reputation: 6893
Environment variables can be defined in your application's app.yaml
An example for a python/php/(maybe go?) app. Java uses a different format.
env_variables:
  MY_ENV_VAR: 'some value here'
You can set these values during your CI process as well if you need to by programmatically appending them to your app.yaml before deploying.
Upvotes: 7