@wakeflow/secrets
v1.0.27
Published
This is a package that the team at Wakeflow use to manage secrets in GCP projects. It adds any "remote" secrets stored in GCP to the "local" secrets in your `.env` file
Downloads
1,702
How to use
Add all your secrets to Secret Manager: https://console.cloud.google.com/security/secret-manager

Add the following to your `.env`:
GOOGLE_APPLICATION_CREDENTIALS=/Users/andreaskater/secrets/contractvoice-d4ea52312c2f.json
(Make sure to get your own creds from IAM on GCP console and replace the above path.)

Now you can run
npx @wakeflow/secrets
to sync the secrets in GCP Secret Manager into your `.env` file.

You'll notice that they're added at the bottom after `### ADDED_BY_WAKEFLOW_SECRETS:`. Please don't remove that comment. It is required for future syncs.

If the secrets on GCP Secret Manager are updated you can run
npx @wakeflow/secrets
again to update them in your local `.env` file.

Note: it will only update the secrets below `### ADDED_BY_WAKEFLOW_SECRETS:`. It will never override secrets above `### ADDED_BY_WAKEFLOW_SECRETS:`.

Make sure you have .gitignored `.env` so that your local configuration doesn't get shared with colleagues.
How to use in production
- Add `ENV=development` to your local `.env`. (If you're developing locally and set `ENV=development`, then `npx @wakeflow/secrets` will get secrets from GCP Secret Manager that end in `_development` and put them into your `.env` file without that postfix. E.g. `API_KEY_development` on GCP Secret Manager will be saved as `API_KEY` in your `.env` file if `ENV=development`.)
- Create a `.env.production` file and set `ENV=production` in there so that production secrets will be downloaded when your code is deployed to production.
- Make sure you have .gitignored `.env`, but not `.env.production`, because `.env.production` will be used for non-secret production configuration that everyone can see. In the next step it gets copied into the production environment during CI/CD.
- Add the below to your `/.github/workflows/cicd.yaml`:
    - run: cp .env.production .env
    - run: npx @wakeflow/secrets
- Push a commit to the `main` branch to trigger your GitHub action.
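
The marker rule from "How to use" and the `ENV` postfix rule from "How to use in production", modelled as an added example (this is not the package's own code). The function names, the sample values, and the two behaviours marked as assumptions in the comments are not taken from the package.

```javascript
// Added example: a model of the sync rules described above, not the package's code.
const MARKER = "### ADDED_BY_WAKEFLOW_SECRETS:";

// Collect KEY=VALUE pairs, ignoring blank lines and comments.
function parseKeys(text) {
  const out = {};
  for (const line of text.split("\n")) {
    const m = line.match(/^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=(.*)$/);
    if (m) out[m[1]] = m[2].trim();
  }
  return out;
}

// envText: current .env contents; remote: { secretName: value } from Secret Manager.
function syncEnv(envText, remote) {
  // Everything above the marker is local configuration and is kept verbatim.
  const idx = envText.indexOf(MARKER);
  const localPart = (idx === -1 ? envText : envText.slice(0, idx)).trimEnd();
  const local = parseKeys(localPart);
  const postfix = local.ENV ? `_${local.ENV}` : "";

  const synced = {};
  for (const [name, value] of Object.entries(remote)) {
    // Assumption: once ENV is set, only secrets with that postfix are synced.
    if (!name.endsWith(postfix)) continue;
    const key = name.slice(0, name.length - postfix.length);
    // Assumption: a key defined above the marker wins, so the remote one is skipped.
    if (!key || Object.hasOwn(local, key)) continue;
    synced[key] = value;
  }
  // The block below the marker is rebuilt on every sync, dropping stale entries.
  const lines = Object.keys(synced).sort().map((k) => `${k}=${synced[k]}`);
  return [localPart, MARKER, ...lines].join("\n") + "\n";
}

// Constructed sample data (placeholder values, not real secrets).
const sampleEnv =
  "ENV=development\nDB_HOST=localhost\n" + MARKER + "\nAPI_KEY=old-value\nSTALE_KEY=1\n";
const sampleRemote = {
  API_KEY_development: "dev-123",
  API_KEY_production: "prod-456",
  DB_HOST_development: "remote-db",
};
console.log(syncEnv(sampleEnv, sampleRemote));
```

Running the function a second time on its own output returns the same text, which is why the marker line has to stay in place between syncs.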
Scripts

add
npx @wakeflow/secrets add API_KEY abc123
This script will add a secret called `API_KEY` with value `abc123` to the remote GCP Secret Manager. Because the value is given as a command-line argument, it can end up in your shell history.

upload
npx @wakeflow/secrets upload .env.prod
This script will add all the secrets stored in the `.env.prod` file to the remote GCP Secret Manager.

Problems/Support/Feedback
Please don't hesitate to get in touch on [email protected]