I cannot access the environmental variable from Secret Manager that I passed in the secretEnv in Google Cloud Build

steps:
  - name: gcr.io/cloud-builders/docker
    entrypoint: bash
    args:
      - '-c'
      - |
        docker pull $_AR_HOSTNAME/$PROJECT_ID/cloud-run-source-deploy/$REPO_NAME/$_SERVICE_NAME:latest || exit 0
    id: Pull docker cache
  - name: gcr.io/cloud-builders/docker
    args:
      - build
      - '-t'
      - $_AR_HOSTNAME/$PROJECT_ID/cloud-run-source-deploy/$REPO_NAME/$_SERVICE_NAME:$COMMIT_SHA
      - '-t'
      - $_AR_HOSTNAME/$PROJECT_ID/cloud-run-source-deploy/$REPO_NAME/$_SERVICE_NAME:latest
      - .
      - --cache-from
      - $_AR_HOSTNAME/$PROJECT_ID/cloud-run-source-deploy/$REPO_NAME/$_SERVICE_NAME:latest
    id: Build
  - name: gcr.io/cloud-builders/docker
    args:
      - run
      - '--rm'
      - $_AR_HOSTNAME/$PROJECT_ID/cloud-run-source-deploy/$REPO_NAME/$_SERVICE_NAME:$COMMIT_SHA
      - bash
      - '-c'
      - |
        export DEBUG=true
        echo
        env
        python manage.py test
    secretEnv: ['DJANGO_SECRET']
      - GCP_INFOS
    id: Test
  - name: gcr.io/cloud-builders/docker
    args:
      - push
      - >-
        $_AR_HOSTNAME/$PROJECT_ID/cloud-run-source-deploy/$REPO_NAME/$_SERVICE_NAME:$COMMIT_SHA
    id: Push
  - name: 'gcr.io/google.com/cloudsdktool/cloud-sdk:slim'
    args:
      - run
      - services
      - update
      - $_SERVICE_NAME
      - '--platform=managed'
      - >-
        --image=$_AR_HOSTNAME/$PROJECT_ID/cloud-run-source-deploy/$REPO_NAME/$_SERVICE_NAME:$COMMIT_SHA
      - >-
        --labels=managed-by=gcp-cloud-build-deploy-cloud-run,commit-sha=$COMMIT_SHA,gcb-build-id=$BUILD_ID,gcb-trigger-id=$_TRIGGER_ID
      - '--region=$_DEPLOY_REGION'
      - '--quiet'
    id: Deploy
    entrypoint: gcloud

availableSecrets:
  secretManager:
    - versionName: projects/$PROJECT_ID/secrets/DJANGO_SECRET/versions/latest
      env: "DJANGO_SECRET"

I tried to add this step just for testing purposes:

  - name: 'gcr.io/google.com/cloudsdktool/cloud-sdk:slim'
    entrypoint: bash
    args:
      - '-c'
      - |
        echo "Fetching DJANGO_SECRET from Secret Manager..."
        echo "$(gcloud secrets versions access latest --secret="DJANGO_SECRET")"
    id: Get gcloud secrets for testing purpose

Here it correctly prints out the variable, which means that I correctly gave the permission to Cloud Build and also that the variable name is correct. However, it does not work with the above method, where I just provide the environmental variable as secretEnv.

I gave both the Secret Manager viewer and Secret Manager admin (just in case) permissions to [email protected], and the environmental variable is also available in Secret Manager.

It fails in the Test step: when I print env, it does not have DJANGO_SECRET in there. How can I solve it? I tried to check all the links and did it in exactly the same way, but I am still not able to handle this.

Upvotes: 0

Views: 130

Answers (0)
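An added example (not part of the original question) of the Test step: `secretEnv` sets the variable only in the builder container that runs the docker CLI, so the container started by `docker run` receives it only when it is forwarded with `-e`. It assumes the image reads the key from `DJANGO_SECRET` and contains bash, as in the question.

```yaml
steps:
  - name: gcr.io/cloud-builders/docker
    id: Test
    args:
      - run
      - '--rm'
      # Name only, no value: the docker CLI copies DJANGO_SECRET from its own
      # environment (populated by secretEnv) into the new container.
      - '-e'
      - DJANGO_SECRET
      - $_AR_HOSTNAME/$PROJECT_ID/cloud-run-source-deploy/$REPO_NAME/$_SERVICE_NAME:$COMMIT_SHA
      - bash
      - '-c'
      - |
        export DEBUG=true
        # "$$" is Cloud Build's escape for a literal "$"; this checks presence
        # without writing the value to the build log (unlike `env`).
        test -n "$$DJANGO_SECRET" || { echo "DJANGO_SECRET is not set" >&2; exit 1; }
        python manage.py test
    secretEnv:
      - DJANGO_SECRET

availableSecrets:
  secretManager:
    - versionName: projects/$PROJECT_ID/secrets/DJANGO_SECRET/versions/latest
      env: DJANGO_SECRET
```

Reading the secret payload requires the Secret Manager Secret Accessor role (`roles/secretmanager.secretAccessor`) on the build's service account; the Admin role is not needed for this.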
