google-secret-manager

问题 I can't figure out why I keep getting the error: Error: Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information. firebase login from my command line returns that I am already logged in and I have configured my-app@appspot.gserviceaccount.com to be a Secret Manager Secret Accessor in the GCP IAM admin dashboard within the same project. Here's the code I'm using: const { SecretManagerServiceClient } = require("@google

问题 I'm doing a build on GCB in which I need to install private dependencies, so am using Google Secrets Manager. My cloudbuild.yaml looks like this: steps: - name: gcr.io/cloud-builders/gcloud entrypoint: 'bash' args: [ '-c', "gcloud secrets versions access latest --secret=PERSONAL_ACCESS_TOKEN_GITHUB --format='get(payload.data)' | tr '_-' '/+' | base64 -d > decrypted-pat.txt" ] - name: 'gcr.io/cloud-builders/docker' args: - build - '--build-arg' - PERSONAL_ACCESS_TOKEN_GITHUB=$(cat decrypted

问题 How can I access the variables I define in Google Secret Manager from my Google Cloud Build Pipeline ? 回答1: You can access to secret from Cloud Build by using the standard Cloud Builder gcloud But, there is 2 issues: If you want to use the secret value in another Cloud Build step, you have to store your secret in a file, the only way to reuse a previous value from one step to another one The current Cloud Builder gcloud isn't up to date (today, 03 feb 2020). You have to add a gcloud component

问题 I'm trying from storing my API keys in a .env to using Google Cloud Platform Secrets Manager. I've followed the instructions here but I encounter an error saying that I don't have permissions to access the secret. import * as admin from "firebase-admin" import { SecretManagerServiceClient } from "@google-cloud/secret-manager" admin.initializeApp() const secretClient = new SecretManagerServiceClient() async function main() { async function getSecret(): Promise<string | null | undefined> {

问题 I'm trying from storing my API keys in a .env to using Google Cloud Platform Secrets Manager. I've followed the instructions here but I encounter an error saying that I don't have permissions to access the secret. import * as admin from "firebase-admin" import { SecretManagerServiceClient } from "@google-cloud/secret-manager" admin.initializeApp() const secretClient = new SecretManagerServiceClient() async function main() { async function getSecret(): Promise<string | null | undefined> {

问题 If I had credentials I need to store in Google Compute Engine or Google App Engine for use at build time, how should I store them? Is there something better than storing them in code, or in a bucket? 回答1: One option is to encrypt the secrets with a key from Cloud KMS, and store them either in a storage bucket or keep them in the binary. This lets you manage permissions and logging on the key, to indirectly manage who accesses the secret. 回答2: As of December 2019, you should store secrets with

问题 If I had credentials I need to store in Google Compute Engine or Google App Engine for use at build time, how should I store them? Is there something better than storing them in code, or in a bucket? 回答1: One option is to encrypt the secrets with a key from Cloud KMS, and store them either in a storage bucket or keep them in the binary. This lets you manage permissions and logging on the key, to indirectly manage who accesses the secret. 回答2: As of December 2019, you should store secrets with

问题 If I had credentials I need to store in Google Compute Engine or Google App Engine for use at build time, how should I store them? Is there something better than storing them in code, or in a bucket? 回答1: One option is to encrypt the secrets with a key from Cloud KMS, and store them either in a storage bucket or keep them in the binary. This lets you manage permissions and logging on the key, to indirectly manage who accesses the secret. 回答2: As of December 2019, you should store secrets with

问题 I created a secret on the Secrets Manager console. Then I took tried using the Go code quickstart guide like ctx := context.Background() client, err := secretmanager.NewClient(ctx) if err != nil { log.Println(err) } // Build the request. req := &secretmanagerpb.AccessSecretVersionRequest{ Name: "projects/my-project/secrets/API_KEY/versions/latest", } // Call the API. result, err := client.AccessSecretVersion(ctx, req) if err != nil { log.Println(err) } but then I get rpc error: code =

问题 I am having Angular service (Cloud Run fully managed) from which I would like to access 'googleapis' Secret Manager API with HTTP client call. The problem is I do not find a way to get the current service account's auth token that I can further use into the Authorization header field. This is an approach to use Secret Manager API, but I can change this with possible other solutions too unless it is working from the Agular app. Thanks a lot in advance. 回答1: I found a conceptual solution to the