@valora/secrets-loader
v1.0.0
Published
Library for loading secrets via Google Cloud's Secrets Manager
Downloads
5,835
Readme
secrets-loader
Load secret data from Google Cloud's Secrets Manager and parse with dotenv.
Installation
From your project directory, run:
yarn add @valora/secrets-loader
or
npm i @valora/secrets-loader
Example usage
import {loadSecret} from '@valora/secrets-loader'
async function loadSecretExample() {
// ...your code...
const VERSION = 'latest'
const secretData = await loadSecret(`projects/${YOUR_PROJECT_ID}/secrets/${YOUR_SECRET_NAME}/versions/${VERSION}`)
// If secret is FOO=bar\nUSER=alice...
// ...you can use the values directly...
doStuffWithFoo(secretData.FOO)
doStuffWithUser(secretData.USER)
// ...or inject into process.env.
process.env = { ...process.env, ...secretData }
}
loadSecret
is a thin wrapper for SecretManagerServiceClient.accessSecretVersion
, so you may also find this example helpful.
Local Development
Prerequisites
If you plan to use actual secrets from the Google Cloud Secrets Manager (rather than mocked values) with your local service, you will need:
- read permissions from whichever secrets are loaded from Google Cloud in your project
- Google cloud sdk installed
Setup
- Log in:
gcloud auth login
- Set your project configuration to whatever project the secrets are located in. For example:
gcloud config set project my-project
. (replacemy-project
with your project name, as needed)
Troubleshooting
If you are logged in and have all the necessary permissions, but still getting an error like failed to retrieve auth metadata with error: invalid_grant
when
you try to access secrets, it may be an IDE permissions issue. Try setting your Application Default Credentials (ADC) as described here.
Optional
If you are a JetBrains aficionado, you may find this plugin enjoyable. It includes a SecretManager toolbar.