How do I access mounted secrets when using Google Cloud Run?

Question

I have two questions:

1. Why can't I mount two cloud secrets in the same directory?

   I have attempted to mount two secrets, FIREBASE_AUTH_SERVICE_ACCOUNT and PURCHASE_VALIDATION_SERVICE_ACCOUNT in the directory:

   flask_app/src/services/firebase/service_accounts/

   However I get this error, when attempting to do this: spec.template.spec.containers[0].volume_mounts[1].mount_path, Duplicate volume mount paths are forbidden Why is this?

2. How do I access a mounted secret using python?

   I'm really not sure how to do this as I couldn't find any documentation on how to actually access the secret itself. This is the only thing I found. I am using python just for context. Would the secret be mounted as a .txt and is that mount path the folder that it is stored in or does it also specify the file name?

Answer 1

With Cloud Run and Secret manager you can load a secret in 2 manners:

• Load a secret in a environment variable, use --set-secrets=ENV_VAR_NAME=secretName:version
• Load a secret in a file, use --set-secrets=/path/to/file=secretName:version

Therefore, you can read a secret as you read

• An environment variable (something like os.getenv())
• A file (something like fs.open('/path/to/file','r'))

So, your first question about directory is not clear. If you mount 2 secrets in 2 files in the same directory, no problem!

If it doesn't solve your question, please, clarify.